Aiutamici Forum

Browser home page changed and pages opening continuously
erryr1
Posted: Wednesday, July 29, 2009 5:01:30 PM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
Hello everyone

I have a problem with the browser, both with the home page and with pages opening continuously
thanks in advance




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.58.33, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\documents and settings\administrator\impostazioni locali\dati applicazioni\kmoam.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Download-IT Toolbar - {7331ed91-b43e-4afe-92a8-f54e8976633f} - C:\Programmi\Download-IT\tbDown.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [OleAut32.dll] regsvr32.exe /s C:\WINDOWS\System32\OleAut32.dll
O4 - HKLM\..\RunOnce: [OlePro32.dll] regsvr32.exe /s C:\WINDOWS\System32\OlePro32.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [kmoam] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\kmoam.exe" kmoam
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4481D22-0984-403F-A059-9CEA9D1E06A0}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 9877 bytes
erryr1
Posted: Wednesday, July 29, 2009 5:09:05 PM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
I forgot
earlier I had a virus that was filling up my HD; now I think I've fixed it.
the hard disk no longer fills up by itself, but I'm still left with little space
where can I look for the files the virus generated so I can delete them?
thanks again
shapiro
Posted: Wednesday, July 29, 2009 5:25:10 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

you still have the navipromo virus on the PC
run this program to remove it

Download Navilog from here

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

download it to the desktop and install it.

Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu window will appear
=> choose Safe Mode (use the arrow key ^

run Navilog1

choose option 2 (Automatic Cleaning) and confirm with OK (it will clean the infected files it found)

Restart the PC in normal mode, run Navilog, choose the language and, at the selection menu, select option 1 (do not choose the others).

At some point the message "Analysis ... Terminate" will appear; press a key as requested and a text file will open (the scan report).

note: you can also find it in c:\ under the name fixnavi

Post the scan log.

Download and install http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it and run a full scan of the computer. Post the resulting report. For now, do not remove any threats it may detect

As soon as you're done, post a new HJT log and we'll proceed with the final cleanup
antonpaco
Posted: Wednesday, July 29, 2009 5:31:53 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
C:\documents and settings\administrator\impostazioni locali\dati applicazioni\kmoam.exe
O4 - HKCU\..\Run: [kmoam] "c:\documents and settings\administrator\impostazioni locali\dati applicazioni\kmoam.exe" kmoa

I think the strings above are a virus, but there are other things to remove as well; let's wait for an expert friend who can advise you on what to do. In the meantime, have the files above scanned on the site www.virustotal.com
erryr1
Posted: Thursday, July 30, 2009 3:19:52 PM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33

maybe I've fixed it, the pages no longer appear and the home page is OK

what do you think?

thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.18.05, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\SpyTheSpy\SpyTheSpy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Download-IT Toolbar - {7331ed91-b43e-4afe-92a8-f54e8976633f} - C:\Programmi\Download-IT\tbDown.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [OleAut32.dll] regsvr32.exe /s C:\WINDOWS\System32\OleAut32.dll
O4 - HKLM\..\RunOnce: [OlePro32.dll] regsvr32.exe /s C:\WINDOWS\System32\OlePro32.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: SpyTheSpy.lnk = C:\Programmi\SpyTheSpy\SpyTheSpy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4481D22-0984-403F-A059-9CEA9D1E06A0}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 9495 bytes
shapiro
Posted: Thursday, July 30, 2009 3:33:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
erryr1, could you post the Navilog log? You'll find it in C:\ as fixnavi.txt

the Malwarebytes report is missing too
erryr1
Posted: Thursday, July 30, 2009 3:56:59 PM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
Fix Navipromo version 4.0.1 began on 30/07/2009 10.10.16,56

!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\Programmi\navilog1

Updated on 18.07.2009 at 11h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : BIOS Date: 11/15/02 15:11:16 Ver: 08.00.07
USER : Administrator ( Administrator )
BOOT : Normal boot

Antivirus : Panda Antivirus Pro 2009 8.00.00 (Not Activated)
Firewall : Panda Personal Firewall 2009 8.00.00 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:57 Go (Free:2 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Z:\ (Network Disk) - NTFS - Total:76 Go (Free:45 Go)


Search done in normal mode


No Infection Navipromo/Egdaccess Found



*** Scan completed 30/07/2009 10.38.43,07 ***


***************************************************************************


-----------The first scan-------------


Malwarebytes' Anti-Malware 1.39
Versione del database: 2529
Windows 5.1.2600 Service Pack 3

30/07/2009 10.39.16
mbam-log-2009-07-30 (10-39-16).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 86737
Tempo trascorso: 11 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 5
Chiavi di registro infette: 55
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 30
File infetti: 141

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

Chiavi di registro infette:

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{872a1c39-df0b-4c8b-ad84-12ba24a3b781} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\FFToolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale\en-US (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\searchplugins (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmi\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
c:\programmi\media access startup\1.5.0.850 (Adware.DoubleD) -> Delete on reboot.
c:\programmi\media access startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF (Adware.DoubleD) -> Delete on reboot.
c:\programmi\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
c:\programmi\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
c:\programmi\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Delete on reboot.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\System Search Dispatcher (Adware.DoubleD) -> Delete on reboot.
c:\programmi\system search dispatcher\1.3.0.840 (Adware.DoubleD) -> Delete on reboot.
c:\programmi\system search dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

File infetti:
C:\Programmi\DoubleD\GamingHarbor Toolbar\4.1.3.20290\AIMActiveXDLL.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmi\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmi\DoubleD\GamingHarbor Toolbar\4.1.3.20290\OEActiveXDLL.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmi\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\AxGifAnimator.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\gdiplus.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\HookAPINT.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\mfc80.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Microsoft.VC80.CRT.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Microsoft.VC80.MFC.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\msvcr80.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\MyDll.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\ProductInfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Riched20Smiley.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\SkinCrafterDll.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\stbAol.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\stbappHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\stbasst.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\stbIE.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\stbOLEX.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\GamingHarborToolbar.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale\en-US\global.dtd (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\DDAutoComplete.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\ISmileyCore.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\SmileyCore.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\TBFFHelper.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\TBFFHelper.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\searchplugins\gamingharborsearchplugins.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
c:\programmi\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
c:\programmi\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\system search dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\system search dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\system search dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\system search dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\programmi\system search dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.


***********************************************************************

-------------------the second scan-----------------

Malwarebytes' Anti-Malware 1.39
Versione del database: 2529
Windows 5.1.2600 Service Pack 3

30/07/2009 14.48.56
mbam-log-2009-07-30 (14-48-56).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 208178
Tempo trascorso: 3 hour(s), 57 minute(s), 26 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\documents and settings\all users\dati applicazioni\{f444439b-b473-48e8-8de5-4cb929c79a9f}\OFFLINE\mfilebagide.dll\bag\SSD.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{26ba43c2-01a6-4536-9ae5-689c629e3fb0}\RP795\A0145878.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

shapiro
Posted: Thursday, July 30, 2009 7:02:50 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Malwarebytes removed a great many threats for you


go to Control Panel - Tools - Internet Options - "Content" tab and look for the certificates

Electronic-Group certificate

OOO-Favorit certificate


if you see them, select them and delete them

let me know how the PC is doing


erryr1
Posted: Friday, July 31, 2009 9:54:49 AM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
thanks a lot
all OK, the PC has recovered perfectly
shapiro
Posted: Friday, July 31, 2009 7:26:42 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

can you post me a new HijackThis report?
erryr1
Posted: Monday, August 03, 2009 9:35:06 AM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
THE PROBLEM HAS COME BACK



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.33.18, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAMMI\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\SpyTheSpy\SpyTheSpy.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Download-IT Toolbar - {7331ed91-b43e-4afe-92a8-f54e8976633f} - C:\Programmi\Download-IT\tbDown.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [OleAut32.dll] regsvr32.exe /s C:\WINDOWS\System32\OleAut32.dll
O4 - HKLM\..\RunOnce: [OlePro32.dll] regsvr32.exe /s C:\WINDOWS\System32\OlePro32.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: SpyTheSpy.lnk = C:\Programmi\SpyTheSpy\SpyTheSpy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?edbd9ff4b48e42679bfec8d470c146d2
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4481D22-0984-403F-A059-9CEA9D1E06A0}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\ctbr.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 9478 bytes
shapiro
Posted: Monday, August 03, 2009 9:54:00 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Did you install SpyTheSpy yourself? I don't see any sign of the Navipromo virus... what problems are you having with the PC?



edit


Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the Recovery Console)
Let the program run without interfering
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!

erryr1
Posted: Monday, August 03, 2009 10:27:20 AM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
THE HOME PAGE HAS CHANGED
shapiro
Posted: Monday, August 03, 2009 10:29:19 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Which browser do you use?
erryr1
Posted: Monday, August 03, 2009 11:35:04 AM
Rank: AiutAmico

Joined: 8/21/2001
Posts: 33
Firefox 3.5.1
shapiro
Posted: Monday, August 03, 2009 11:52:20 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Go to Tools\Options\Main and reset the page.
