www.MegaLab.it

[lisa71]

Buongiorno. L'altro giorno improvvisamente il pc fisso dell'ufficio si collegava ad internet, ma non riusciva a caricare le pagine, sia con Mozilla che IE. Ho fatto la scansione con Hijackthis e ho trovato il programma PowerOffer, che sono riuscita a rimuovere grazie all'articolo di Crazy.cat "Come rimuovere completamente PowerOffer dai vostri computer", così come i servizi ServiceUpd e SoftwareUpdService. Grazie 1000! Ora funziona, un po' lentino ancora, ma va. Stamattina ho rifatto la scansione con hijackthis e vi posto il logo, cortesemente date un occhiata se c'è ancora qualche porcheria?
Grazie e buona giornata.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.42.44, on 23/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\F-Secure Internet Security\Common\FSHDLL32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\AssistOs.exe
C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Interwise\Participant\pull.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AssistOs] C:\WINDOWS\AssistOs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bit4id csp store register (M)] "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Push Client] C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\ATT Connect\Participant\pull.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Push Client.LNK = C:\Programmi\Interwise\Participant\pull.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1854377031
O17 - HKLM\System\CCS\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: cligrafsrv - Unknown owner - C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7839 bytes

[sampei.nihira]

Buongiorno Lisa.
Mi viene il sospetto che potresti avere qualche sw installato non aggiornato.
E ciò dal fatto che il tuo Hijackthis è una ver obsoleta.
Sarebbe quindi opportuno sostituirlo e reinserire un log con la ver attuale.

Quindi più in generale ti consiglierei di aggiornare eventuali software installati facendo un controllo con Secunia PSI.

[lisa71]

Grazie per la risposta!
Ho aggiornato hijackthis e rifatto la scansione, allego il log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.07.32, on 23/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\F-Secure Internet Security\Common\FSHDLL32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\AssistOs.exe
C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Interwise\Participant\pull.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmi\Secunia\PSI\PSIA.exe
C:\Programmi\Secunia\PSI\PSI_TRAY.exe
C:\Documents and Settings\utente\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AssistOs] C:\WINDOWS\AssistOs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bit4id csp store register (M)] "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Push Client] C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\ATT Connect\Participant\pull.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Push Client.LNK = C:\Programmi\Interwise\Participant\pull.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Programmi\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1854377031
O17 - HKLM\System\CCS\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: cligrafsrv - Unknown owner - C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Programmi\Secunia\PSI\PSIA.exe

--
End of file - 8315 bytes

Ho scaricato Secunia PSI, ma si blocca nella seconda fase della scansione "Scanning for outdates programs - Updating scanning results", quasi al termine della barra di avanzamento lavoro.

Da stamattina si verifica un nuovo problema con firefox, non appena clikko Strumenti si blocca tutto. Non posso effettuare altre selezioni e neppure chiudere con "Termina adesso". Sono costretta a riavviare il pc. Ho reinstallato firefox, ma il problema persiste.

[sampei.nihira]

Il log a parte una riga da fixare poco importante non evidenzia problemi.
E' sempre improduttivo essere "infettati" sarebbe meglio prevenire.
Ma è cosa che pare non interessi quasi a nessuno.

Secondo me quel pc d'ufficio ha troppi programmi per andare bene con un OS old quale xp.
Precauzionalmente fai qualche altro scan on demand di accertamento tipo Hitman Pro,Malwarebytes antimalware......

[lisa71]

Grazie.
Ho fatto scansione con Hitman Pro, Malwarebytes antimalware e nuovamente con Hijackthis.
Il problema permane con firefox, che peraltro mi è sempre funzionato meglio e più velocemente di IE. Ora è lento, non riesco assolutamente ad agire nella barra degli strumenti, appena clikko Opzioni si blocca tutto e non riesco a chiudere Firefox se non riavviando il PC. Ho seguito i vari consigli di Mozilla Support, ma senza risultati.
Credo di aver eliminato definitivamente PowerOffer ed un paio di servizi.

Allego il log di Malwrebytes

Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Versione database: v2013.01.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
utente :: POSTO4 [amministratore]

28/01/2013 19.01.11
mbam-log-2013-01-28 (19-01-11).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 345413
Tempo impiegato: 1 ore, 34 minuti, 29 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

e di hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.58.12, on 29/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\F-Secure Internet Security\Common\FSHDLL32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Secunia\PSI\PSIA.exe
C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\AssistOs.exe
C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\ATT Connect\Participant\pull.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Secunia\PSI\psi_tray.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmi\WKICOSIMI\clientgrafico\bin\wkiterm.exe
C:\Documents and Settings\utente\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programmi\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AssistOs] C:\WINDOWS\AssistOs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bit4id csp store register (M)] "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Push Client] C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\ATT Connect\Participant\pull.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Push Client.LNK = C:\Programmi\Interwise\Participant\pull.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Programmi\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1854377031
O17 - HKLM\System\CCS\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{17447BCB-1A97-4C0A-80F3-53D0B51852A9}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: cligrafsrv - Unknown owner - C:\Programmi\WKICOSIMI\clientgrafico\bin\cligrafsrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Programmi\Secunia\PSI\PSIA.exe

--
End of file - 8429 bytes

Vedete ancora qualche porcheriuola?
Grazie1000.

[lisa71]

Buongiorno. La situazione è ancora peggiorata, ora anche IE funziona malissimo e non riesco ad aprire file. Si blocca totalmente e devo riavviare. Qualcuno ha qualche suggerimento o controllo da farmi fare? Grazie.

[Saro J. 1975]

Ciao lisa, qualche volta anche a me è capitato di avere questi blocchi che ho sempre risolto con adwcleaner! prova e fa sapere se come me sei riuscita a sbloccare questi fastidiosissimi problemucci! ;)

[Saro J. 1975]

Poi se devi necessariamente formattare, ti consiglio un programmino che ti evita di formattare: Macrium Reflect è un programma per creare una copia di riserva di tutto quello che è presente sul vostro disco fisso, dati, sistema operativo, programmi e configurazioni. Nel caso il vostro windows viene danneggiato da un programma, un virus o altro, basterà ripristinare la copia di riserva per riavere il computer come era nel momento che avevate fatto la copia! Buona fortuna ;)