
ADVERTISING PAGES OPENING IN EXPLORER


Post by pirataunico » Wed Aug 12, 2009 11:51 am

Hi everyone,
For some time now, when I open Explorer and click on a site I'm interested in, or even just the home page, advertising pages open up, which I promptly close. I use McAfee antivirus, Spyware Terminator and Spybot. How can I get rid of this problem?
Thanks, and have a good summer, everyone.

Post by ste_95 » Wed Aug 12, 2009 12:00 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between the LOG tags, like this:
[LOG]the log goes here[/LOG]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Post by pirataunico » Thu Aug 13, 2009 6:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.43.09, on 13/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\iolo\common\lib\ioloServiceManager.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\documents and settings\proprietario\impostazioni locali\dati applicazioni\eomuwyw.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/portale/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [eomuwyw] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\eomuwyw.exe" eomuwyw
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servizio di Google Update (gupdate1c9f105e6f75df7) (gupdate1c9f105e6f75df7) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Programmi\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Programmi\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12750 bytes
Last edited by ba_61 on Thu Aug 13, 2009 8:31 pm, edited 1 time in total.
Reason: Log tag

Post by ste_95 » Thu Aug 13, 2009 7:08 pm

I asked for ComboFix, not HijackThis.

Also, logs should be posted like this.

Post by pirataunico » Fri Aug 14, 2009 11:54 am

Sorry, but I have never used ComboFix and I didn't understand how to insert logs here; I managed to run a scan with that program. I'll try posting it like this; if I get something wrong, please let me know. Thanks.

ComboFix 09-08-10.06 - proprietario 14/08/2009 12.18.22.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1024.250 [GMT 2:00]
Eseguito da: c:\documents and settings\proprietario\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\Windows Live Messenger .lnk
c:\documents and settings\proprietario\Dati applicazioni\inst.exe
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.dat
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_nav.dat
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_navps.dat
c:\windows\Installer\1b28b1a.msp
c:\windows\Installer\35556a6.msi
c:\windows\Installer\35556a7.msp
c:\windows\Installer\35556a8.msp
c:\windows\Installer\35556a9.msp
c:\windows\Installer\35556aa.msp
c:\windows\Installer\35556ab.msp
c:\windows\Installer\35556ac.msp
c:\windows\Installer\35556ad.msp
c:\windows\Installer\35556ae.msp
c:\windows\Installer\35556af.msp
c:\windows\Installer\35556b0.msp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Creati Da 2009-07-14 al 2009-08-14 )))))))))))))))))))))))))))))))))))
.

2009-08-13 13:22 . 2009-08-13 13:22 -------- d-----w- c:\programmi\Astonsoft
2009-08-08 16:24 . 2009-08-10 16:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 16:23 . 2009-08-08 16:23 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-08 16:20 . 2009-08-09 05:50 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 19:48 . 2009-08-07 19:48 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\Auslogics
2009-08-07 19:19 . 2009-08-07 19:19 -------- d-----w- c:\programmi\CCleaner
2009-08-07 16:11 . 2009-08-07 16:11 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\PCToolsFirewallPlus
2009-08-07 16:04 . 2009-08-07 16:41 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-08-06 17:39 . 2009-08-06 17:39 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-08-06 17:39 . 2009-08-06 17:39 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-08-06 17:39 . 2009-08-06 17:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-06 17:39 . 2009-08-13 18:02 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\Spyware Terminator
2009-08-06 17:39 . 2009-08-14 08:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-08-06 17:39 . 2009-08-06 18:10 -------- d-----w- c:\programmi\Spyware Terminator
2009-08-06 13:42 . 2009-08-06 13:52 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-28 19:28 . 2009-05-13 21:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-28 19:28 . 2009-05-13 21:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-28 19:28 . 2009-05-13 21:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-28 19:28 . 2009-04-09 12:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-28 19:28 . 2009-07-28 19:28 -------- d-----w- c:\programmi\File comuni\McAfee
2009-07-28 19:28 . 2009-07-28 19:28 -------- d-----w- c:\programmi\McAfee.com
2009-07-28 19:27 . 2009-07-28 23:26 -------- d-----w- c:\programmi\McAfee
2009-07-28 19:23 . 2009-05-13 21:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-17 23:43 . 2009-08-01 20:43 -------- d-----w- c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 13:07 . 2007-08-04 17:54 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-12 16:04 . 2008-03-05 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-08-12 15:56 . 2007-07-20 18:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-08-10 22:49 . 2007-03-22 14:05 78184 -c--a-w- c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-10 17:07 . 2001-08-31 15:00 93722 ----a-w- c:\windows\system32\perfc010.dat
2009-08-10 17:07 . 2001-08-31 15:00 515080 ----a-w- c:\windows\system32\perfh010.dat
2009-08-08 18:00 . 2007-03-22 15:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-08 16:23 . 2007-07-28 11:17 -------- d-----w- c:\programmi\MSBuild
2009-08-07 19:48 . 2007-07-25 19:47 -------- d-----w- c:\programmi\AusLogics Disk Defrag
2009-08-07 19:12 . 2008-09-07 18:07 -------- d-----w- c:\programmi\Teen Spirit
2009-08-07 19:12 . 2008-11-06 19:00 -------- d-----w- c:\programmi\IObit
2009-08-07 16:34 . 2008-08-11 18:50 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-05 09:05 . 2004-08-19 13:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 19:32 . 2008-08-27 09:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-07-17 18:56 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 13:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:13 . 2007-10-14 20:49 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\dvdcss
2009-07-10 18:17 . 2008-07-07 18:43 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\U3
2009-06-30 19:24 . 2008-04-29 18:50 52634 -c--a-w- c:\documents and settings\proprietario\Dati applicazioni\mdbu.bin
2009-06-29 15:55 . 2004-08-19 13:39 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2004-08-19 13:39 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 17:09 . 2007-07-29 10:31 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\XnView
2009-06-25 18:34 . 2004-08-19 13:39 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-19 13:39 519168 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-19 13:39 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-19 13:39 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-19 13:39 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-19 13:39 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-19 13:39 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-19 13:39 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-19 13:39 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-19 13:39 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-19 13:39 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-23 14:13 . 2007-07-19 15:05 -------- d-----r- c:\programmi\Video
2009-06-22 11:49 . 2004-08-19 13:39 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 13:39 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 13:39 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-19 17:49 . 2009-06-19 17:49 -------- d-----w- c:\programmi\File comuni\xing shared
2009-06-19 17:49 . 2008-03-24 15:32 -------- d-----w- c:\programmi\File comuni\Real
2009-06-19 17:49 . 2007-08-05 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 17:49 . 2007-08-05 16:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-19 17:46 . 2007-07-19 15:22 -------- d-----w- c:\programmi\Google
2009-06-16 14:53 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-08-31 15:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:32 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:26 . 2004-08-19 13:39 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:04 . 2007-03-22 11:33 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2008-10-06 21:43 . 2008-09-21 17:09 103 -c--a-w- c:\programmi\MegaLab.it.url
2008-03-01 13:32 . 2008-03-01 13:32 15251 -c--a-w- c:\programmi\settings.dat
2007-04-01 16:41 . 2007-07-19 15:05 520 -c--a-w- c:\programmi\spider.sav
2004-10-01 13:00 . 2007-07-19 15:03 40960 -c--a-w- c:\programmi\Uninstall_CDS.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\programmi\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2007-04-11 1661304]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-06 2235408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-06 3055616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-01 148888]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-19 198160]
"mcagent_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-06 2171904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-29 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\McAfee\\MNA\\McNASvc.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [06/08/2009 19.39.50 142592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\programmi\iolo\Common\Lib\ioloServiceManager.exe [06/11/2008 22.39.28 596840]
R2 ioloSystemService;iolo System Service;c:\programmi\iolo\Common\Lib\ioloServiceManager.exe [06/11/2008 22.39.28 596840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [28/07/2009 21.31.14 206112]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12.38.14 92008]
S2 gupdate1c9f105e6f75df7;Servizio di Google Update (gupdate1c9f105e6f75df7);c:\programmi\Google\Update\GoogleUpdate.exe [19/06/2009 19.46.39 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2C4.tmp --> c:\windows\system32\2C4.tmp [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - uphcleanhlp
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-19 17:46]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-19 17:46]

2009-07-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 06:57]

2009-07-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 06:57]

2009-08-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-08-06 13:31]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{B4409BC6-225A-4808-8F5E-3C62CA67C010}.job
- c:\windows\system32\msfeedssync.exe [2007-07-30 16:36]

2009-08-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-eomuwyw - c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\eomuwyw.exe
Notify-WgaLogon - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 12:31
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2C4.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\programmi\File comuni\McAfee\MNA\McNASvc.exe
c:\progra~1\FILECO~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VirusScan\Mcshield.exe
c:\programmi\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\UPHClean\uphclean.exe
c:\windows\system32\searchindexer.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-14 12.41.22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-14 10:41

Pre-Run: 24.855.035.904 byte disponibili
Post-Run: 24.986.583.040 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

276 --- E O F --- 2009-08-12 16:09

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by ste_95 » Fri Aug 14, 2009 12:02 pm

You should no longer have the advertising problem now, can you confirm?
To be safe, upload the file c:\windows\system32\2C4.tmp to http://www.virustotal.com. [;)]

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Fri Aug 14, 2009 1:32 pm

Sorry for my ignorance on the subject, but how do I upload the file c:\windows\system32\2C4.tmp to http://www.virustotal.com?

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by crazy.cat » Fri Aug 14, 2009 2:02 pm

pirataunico wrote: Sorry for my ignorance on the subject, but how do I upload the file c:\windows\system32\2C4.tmp to http://www.virustotal.com?

Read
http://www.MegaLab.it/2425/controllo-on ... volta-sola

Have the ads disappeared?
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Fri Aug 14, 2009 8:02 pm

Sorry; yes, for a while after I posted the log the advertising pages disappeared, then I made a mistake while doing another operation and had to do a system restore to today at 12.00, and now the advertising pages are opening again; what can I do?

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by ste_95 » Fri Aug 14, 2009 8:31 pm

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.dat
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_nav.dat
c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_navps.dat


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it does not, restart it manually
After the restart, copy and paste here the contents of the Notepad window that will appear.

If Avenger reports an error, try retyping the first line (Files to delete:) by hand, remembering the colon.

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sat Aug 15, 2009 1:54 pm

First of all, many thanks for the time and help you are giving me; below are the results of the operation with Avenger that you recommended.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.dat" not found!
Deletion of file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe" not found!
Deletion of file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_nav.dat" not found!
Deletion of file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_nav.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_navps.dat" not found!
Deletion of file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw_navps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by crazy.cat » Sat Aug 15, 2009 1:56 pm

Run the ComboFix scan again, because it did not delete anything.

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sat Aug 15, 2009 1:58 pm

ok

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sat Aug 15, 2009 3:02 pm

Here are the results of the ComboFix scan

ComboFix 09-08-10.06 - proprietario 15/08/2009 15.31.39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1024.493 [GMT 2:00]
Eseguito da: c:\documents and settings\proprietario\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\Windows Live Messenger .lnk
c:\documents and settings\proprietario\Dati applicazioni\inst.exe
c:\windows\Installer\35556a6.msi
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Creati Da 2009-07-15 al 2009-08-15 )))))))))))))))))))))))))))))))))))
.

2009-08-14 17:49 . 2009-08-14 17:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-14 11:37 . 2009-08-14 17:49 -------- d-----w- C:\RECYCLER(2)
2009-08-14 11:19 . 2009-08-14 17:49 -------- d-----w- c:\programmi\Navilog1
2009-08-13 13:22 . 2009-08-13 13:22 -------- d-----w- c:\programmi\Astonsoft
2009-08-08 16:24 . 2009-08-10 16:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 16:23 . 2009-08-08 16:23 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-08 16:20 . 2009-08-09 05:50 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 19:48 . 2009-08-07 19:48 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\Auslogics
2009-08-07 19:19 . 2009-08-07 19:19 -------- d-----w- c:\programmi\CCleaner
2009-08-07 16:11 . 2009-08-07 16:11 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\PCToolsFirewallPlus
2009-08-07 16:04 . 2009-08-07 16:41 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-08-06 17:39 . 2009-08-06 17:39 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-08-06 17:39 . 2009-08-06 17:39 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-08-06 17:39 . 2009-08-06 17:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-06 17:39 . 2009-08-13 18:02 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\Spyware Terminator
2009-08-06 17:39 . 2009-08-14 08:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-08-06 17:39 . 2009-08-15 13:43 -------- d-----w- c:\programmi\Spyware Terminator
2009-08-06 13:42 . 2009-08-06 13:52 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-28 19:28 . 2009-05-13 21:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-28 19:28 . 2009-05-13 21:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-28 19:28 . 2009-05-13 21:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-28 19:28 . 2009-04-09 12:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-28 19:28 . 2009-07-28 19:28 -------- d-----w- c:\programmi\File comuni\McAfee
2009-07-28 19:28 . 2009-07-28 19:28 -------- d-----w- c:\programmi\McAfee.com
2009-07-28 19:27 . 2009-07-28 23:26 -------- d-----w- c:\programmi\McAfee
2009-07-28 19:23 . 2009-05-13 21:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-17 23:43 . 2009-08-01 20:43 -------- d-----w- c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 12:13 . 2007-08-04 17:54 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-14 19:10 . 2007-03-22 15:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-14 11:48 . 2001-08-31 15:00 515080 ----a-w- c:\windows\system32\perfh010.dat
2009-08-14 11:48 . 2001-08-31 15:00 93722 ----a-w- c:\windows\system32\perfc010.dat
2009-08-12 16:04 . 2008-03-05 14:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-08-12 15:56 . 2007-07-20 18:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-08-10 22:49 . 2007-03-22 14:05 78184 -c--a-w- c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-08 16:23 . 2007-07-28 11:17 -------- d-----w- c:\programmi\MSBuild
2009-08-07 19:48 . 2007-07-25 19:47 -------- d-----w- c:\programmi\AusLogics Disk Defrag
2009-08-07 19:12 . 2008-09-07 18:07 -------- d-----w- c:\programmi\Teen Spirit
2009-08-07 19:12 . 2008-11-06 19:00 -------- d-----w- c:\programmi\IObit
2009-08-07 16:34 . 2008-08-11 18:50 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-05 09:05 . 2004-08-19 13:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 19:32 . 2008-08-27 09:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-07-17 18:56 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 13:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:13 . 2007-10-14 20:49 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\dvdcss
2009-07-10 18:17 . 2008-07-07 18:43 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\U3
2009-06-30 19:24 . 2008-04-29 18:50 52634 -c--a-w- c:\documents and settings\proprietario\Dati applicazioni\mdbu.bin
2009-06-29 15:55 . 2004-08-19 13:39 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2004-08-19 13:39 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 17:09 . 2007-07-29 10:31 -------- d-----w- c:\documents and settings\proprietario\Dati applicazioni\XnView
2009-06-25 18:34 . 2004-08-19 13:39 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-19 13:39 519168 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-19 13:39 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-19 13:39 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-19 13:39 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-19 13:39 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-19 13:39 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-19 13:39 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-19 13:39 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-19 13:39 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-19 13:39 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-23 14:13 . 2007-07-19 15:05 -------- d-----r- c:\programmi\Video
2009-06-22 11:49 . 2004-08-19 13:39 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 13:39 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 13:39 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-19 17:49 . 2009-06-19 17:49 -------- d-----w- c:\programmi\File comuni\xing shared
2009-06-19 17:49 . 2008-03-24 15:32 -------- d-----w- c:\programmi\File comuni\Real
2009-06-19 17:49 . 2007-08-05 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 17:49 . 2007-08-05 16:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-19 17:46 . 2007-07-19 15:22 -------- d-----w- c:\programmi\Google
2009-06-16 14:53 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-08-31 15:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:32 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:26 . 2004-08-19 13:39 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:04 . 2007-03-22 11:33 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2008-10-06 21:43 . 2008-09-21 17:09 103 -c--a-w- c:\programmi\MegaLab.it.url
2008-03-01 13:32 . 2008-03-01 13:32 15251 -c--a-w- c:\programmi\settings.dat
2007-04-01 16:41 . 2007-07-19 15:05 520 -c--a-w- c:\programmi\spider.sav
2004-10-01 13:00 . 2007-07-19 15:03 40960 -c--a-w- c:\programmi\Uninstall_CDS.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\programmi\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2007-04-11 1661304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"eomuwyw"="c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\eomuwyw.exe" [BU]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-06 3055616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-01 148888]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-06-19 198160]
"mcagent_exe"="c:\programmi\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-06 2171904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-29 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\McAfee\\MNA\\McNASvc.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [06/08/2009 19.39.50 142592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\programmi\iolo\Common\Lib\ioloServiceManager.exe [06/11/2008 22.39.28 596840]
R2 ioloSystemService;iolo System Service;c:\programmi\iolo\Common\Lib\ioloServiceManager.exe [06/11/2008 22.39.28 596840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [28/07/2009 21.31.14 206112]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12.38.14 92008]
S2 gupdate1c9f105e6f75df7;Servizio di Google Update (gupdate1c9f105e6f75df7);c:\programmi\Google\Update\GoogleUpdate.exe [19/06/2009 19.46.39 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2C4.tmp --> c:\windows\system32\2C4.tmp [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - uphcleanhlp
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-19 17:46]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-19 17:46]

2009-08-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 06:57]

2009-07-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 06:57]

2009-08-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-08-06 13:31]

2009-08-14 c:\windows\Tasks\User_Feed_Synchronization-{B4409BC6-225A-4808-8F5E-3C62CA67C010}.job
- c:\windows\system32\msfeedssync.exe [2007-07-30 16:36]

2009-08-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a &Bluetooth
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2C4.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\programmi\File comuni\McAfee\MNA\McNASvc.exe
c:\progra~1\FILECO~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VirusScan\Mcshield.exe
c:\programmi\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\UPHClean\uphclean.exe
c:\windows\system32\searchindexer.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-15 15.55.27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-15 13:55

Pre-Run: 25.641.570.304 byte disponibili
Post-Run: 25.626.206.208 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe

262 --- E O F --- 2009-08-12 16:09
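
Added example (not part of the original thread, and not ComboFix or Avenger code): a small Python triage pass over the two kinds of log posted above. It flags Run values and service entries that deserve a manual look and cross-checks them against the files Avenger reported as not found, so a Run value that still points at a missing file stands out. The regular expressions, the reason labels and the reading of a bracket without date and size as "no file metadata" are assumptions made for this example.

```python
import ntpath
import re

# Excerpt lines taken from the ComboFix and Avenger logs posted in this thread.
COMBOFIX_SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"eomuwyw"="c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\eomuwyw.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-01 148888]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [06/08/2009 19.39.50 142592]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2C4.tmp --> c:\windows\system32\2C4.tmp [?]
'''
AVENGER_SAMPLE = r'''
Error: file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe" not found!
Deletion of file "c:\documents and settings\proprietario\Impostazioni locali\Dati applicazioni\eomuwyw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
'''

# A registry key header contains at least one backslash; a lone "[BU]" line does not.
KEY_RE = re.compile(r'^\[([^\]]*\\[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+) \[(?P<meta>[^\]]*)\]$')
# "2007-07-03 68856" (Run values) or "06/08/2009 19.39.50 142592" (services).
META_OK_RE = re.compile(r'^\d{2,4}[-/]\d{2}[-/]\d{2,4} (?:[\d.]+ )?\d+$')
AVENGER_RE = re.compile(r'^Error: file "(.+)" not found!$')


def norm(path):
    """Lower-cased Windows path; keeps the resolved side of 'a --> b'."""
    path = path.split('-->')[-1].strip()
    if path.startswith('\\??\\'):
        path = path[4:]
    return ntpath.normpath(path).lower()


def triage(combofix_log, avenger_log=''):
    """Return (kind, name, path, reasons) for entries worth a manual review."""
    missing = {norm(m.group(1)) for line in avenger_log.splitlines()
               if (m := AVENGER_RE.match(line.strip()))}
    findings, key = [], ''
    for raw in combofix_log.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()
            continue
        reasons = []
        if (m := VALUE_RE.match(line)) and key.endswith('\\currentversion\\run'):
            kind, path = 'run', norm(m['path'])
            # Heuristic: autostart binaries living in a user-writable profile directory.
            if '\\documents and settings\\' in path:
                reasons.append('user-profile-path')
        elif (m := SERVICE_RE.match(line)):
            kind, path = 'service', norm(m['path'])
            # Heuristic: a service image with a .tmp extension.
            if path.endswith('.tmp'):
                reasons.append('tmp-image')
        else:
            continue
        # Assumption: a bracket without date and size means no file details were listed.
        if not META_OK_RE.match(m['meta'].strip()):
            reasons.append('no-file-metadata')
        # The entry is still registered, but the removal tool could not find the file.
        if path in missing:
            reasons.append('missing-per-avenger')
        if reasons:
            findings.append((kind, m['name'], path, reasons))
    return findings


if __name__ == '__main__':
    for kind, name, path, reasons in triage(COMBOFIX_SAMPLE, AVENGER_SAMPLE):
        print(f'{kind:8} {name:12} {path}  <- {", ".join(reasons)}')
```

A flagged entry is a prompt for review, not a verdict: the reasons only say why the line differs from its neighbours in the log.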

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by ste_95 » Sat Aug 15, 2009 7:41 pm

Everything OK?

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sat Aug 15, 2009 7:52 pm

I'll check now and reply in 10 minutes

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sat Aug 15, 2009 8:31 pm

Yes, everything is fine, the pages no longer open.
Thank you all for the time you gave me and for your advice, which solved the problem..... thanks again
I wish everyone a wonderful summer

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by ste_95 » Sun Aug 16, 2009 7:31 am

[^]

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by pirataunico » Sun Aug 16, 2009 4:56 pm

The problem is that the computer is now very slow at operations such as opening programs, pages, etc....

Re: ADVERTISING PAGES OPENING IN EXPLORER

Post by ste_95 » Sun Aug 16, 2009 5:54 pm


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising