Esegui 
MbaM:
Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org
Versione database: v2012.05.02.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pamela :: HOME-A6ABD40012 [amministratore]
03/05/2012 0.46.16
mbam-log-2012-04-20 (17-18-18).txt
Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 213643
Tempo impiegato: 26 minuti, 5 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Nessuna azione intrapresa.
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Cattivo: (1) Buono: (0) -> Nessuna azione intrapresa.
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 12
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008175.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008176.dll (PUP.Funmoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008177.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008179.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008180.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008181.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008210.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008211.dll (PUP.Funmoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008212.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008214.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008215.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008217.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
(fine)
http://www.malwarebytes.org
Versione database: v2012.05.02.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pamela :: HOME-A6ABD40012 [amministratore]
03/05/2012 0.46.16
mbam-log-2012-04-20 (17-18-18).txt
Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 213643
Tempo impiegato: 26 minuti, 5 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Nessuna azione intrapresa.
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Cattivo: (1) Buono: (0) -> Nessuna azione intrapresa.
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 12
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008175.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008176.dll (PUP.Funmoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008177.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008179.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008180.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP46\A0008181.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008210.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008211.dll (PUP.Funmoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008212.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008214.dll (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008215.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
C:\System Volume Information\_restore{44A1D534-A77E-4288-8765-1F1A8634B348}\RP47\A0008217.exe (PUP.FunMoods) -> Nessuna azione intrapresa.
(fine)
Hijakthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1.31.26, on 03/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Online Armor\oaui.exe
C:\Programmi\Online Armor\OAhlp.exe
C:\Programmi\Online Armor\oasrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S23C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4742121041
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Programmi\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Programmi\Online Armor\oasrv.exe
--
End of file - 5413 bytes
Scan saved at 1.31.26, on 03/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Online Armor\oaui.exe
C:\Programmi\Online Armor\OAhlp.exe
C:\Programmi\Online Armor\oasrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S23C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4742121041
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Programmi\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Programmi\Online Armor\oasrv.exe
--
End of file - 5413 bytes
Grazie a chiunque mi può dare delucidazioni.
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
