PROBLEM: Browsing hijacked to commercial / suspicious sites

ghibo

New User
Good evening everyone, I am a new user, I hope I have understood the rules for posting...
I have a PC with Windows XP Professional SP3.
For a few days now, browsing with IE8 has (often) been redirected to unexpected sites.

Scan with Malwarebytes' Anti-Malware: no problems found
Scan with HijackThis: log attached
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.21.55, on 26/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Programmi\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Documents and Settings\All Users\Dati applicazioni\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Programmi\Ask.com\Updater\Updater.exe
c:\Programmi\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\Ipsoware\Shared\WKIBackUpService.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Ipsoware\STUDI\sti\prg\com\cosimi\bin\studisrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\WinMsgBalloonServer.exe
C:\WINDOWS\system32\WinMsgBalloonClient.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrator\Desktop\sicurezza\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/11
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" //eml:C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 1 per Beretta 1915 Glisenti 1.zip\Storia della Beretta matricola 3577.eml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Programmi\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [PDF Complete] C:\Programmi\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Dati applicazioni\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0236601271250363) (0236601271250363mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\023660~1.EXE (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Programmi\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: cligrafsrv - Unknown owner - C:\Programmi\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: SQL Recovery - Service - Wolters Kluver Italia srl - C:\PROGRA~1\Ipsoware\Shared\WKIBackUpService.exe
O23 - Service: Servizio di attivazione Studi WKI (studisrv) - Wolters Kluwer Italia Srl - C:\Ipsoware\STUDI\sti\prg\com\cosimi\bin\studisrv.exe
--
End of file - 10491 bytes

I don't know how to proceed to solve the problem, I rely on your wisdom!
Thanks and bye



** update **

In the meantime, I have taken other actions:

- I uninstalled the Ask toolbar from the Control Panel

- I ran ComboFix, log attached:
Code:
ComboFix 12-06-26.02 - Administrator 26/06/2012  21.52.10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1789.1236 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\sicurezza\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-05-26 al 2012-06-26  )))))))))))))))))))))))))))))))))))
.
.
2012-06-26 19:10 . 2012-06-26 19:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2012-06-26 19:10 . 2012-06-26 19:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-06-26 19:10 . 2012-06-26 19:10 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-06-26 19:10 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 08:31 . 2012-06-14 08:31 -------- d-----w- C:\Parametri2012
2012-06-14 08:30 . 2012-05-09 10:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-13 05:45 . 2012-05-11 14:40 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-28 18:46 . 2012-05-28 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-05-28 18:46 . 2012-05-28 18:46 -------- d-----w- c:\programmi\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2008-04-14 09:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-04-14 09:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-04-14 09:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-14 09:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-04-14 09:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-04-14 09:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-04-14 09:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-04-14 09:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:21 . 2008-04-14 09:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2008-04-14 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2008-04-14 09:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 10:21 . 2010-05-27 16:20 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-09 08:47 . 2010-05-27 16:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 03:14 . 2008-04-14 09:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 09:00 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-14 09:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-30 18:15 . 2012-03-28 13:46 2516 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-18 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2009-07-02 344064]
"amd_dc_opt"="c:\programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472]
"NortonOnlineBackupReminder"="c:\programmi\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"PSUNMain"="c:\programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Dati applicazioni\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\ipsoware\\STUDI\\sti\\prg\\com\\cosimi\\bin\\studisrv.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [02/04/2010 17.49.45 184888]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [23/11/2011 10.59.40 130312]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\programmi\AMD\RAIDXpert\bin\RAIDXpertService.exe [16/03/2009 0.47.22 122880]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service --> c:\programmi\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -service [?]
R2 cligrafsrv;cligrafsrv;c:\programmi\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe [22/01/2012 16.55.25 14848]
R2 MSSQL$WKI;SQL Server (WKI);c:\programmi\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 5.29.54 29178224]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 13.58.54 140608]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [02/04/2010 9.15.38 635416]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [05/01/2012 14.10.09 144008]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 13.57.38 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 13.57.38 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [30/11/2011 19.37.24 112648]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 20.09.28 11032]
R2 SQL Recovery - Service;SQL Recovery - Service;c:\progra~1\Ipsoware\Shared\WKIBackUpService.exe [29/04/2010 9.02.05 61440]
R2 studisrv;Servizio di attivazione Studi WKI;c:\ipsoware\STUDI\sti\prg\com\cosimi\bin\studisrv.exe [22/01/2012 16.43.13 65536]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [02/04/2010 17.49.45 44800]
S2 0236601271250363mcinstcleanup;McAfee Application Installer Cleanup (0236601271250363);c:\docume~1\ADMINI~1\IMPOST~1\Temp\023660~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\023660~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [18/05/2010 21.17.29 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [18/05/2010 21.17.29 136176]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-26 c:\windows\Tasks\BVPYRHFUKG.job
- c:\windows\system32\kbdneprd.dll [2012-05-10 20:24]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-18 19:17]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-18 19:17]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{7F59FDD5-BBA5-4B5F-A22C-8A5833C69129}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe" //eml:c:\docume~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 1 per Beretta 1915 Glisenti 1.zip\Storia della Beretta matricola 3577.eml
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-440721462-992296241-2924307496-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,5a,43,c0,94,b4,cd,4f,8f,d5,17,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,09,8e,5d,f5,9e,bf,46,93,6c,1c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,ca,38,bd,c1,ea,de,4b,8f,e2,39,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2012-06-26  22:00:17
ComboFix-quarantined-files.txt  2012-06-26 20:00
ComboFix2.txt  2012-05-28 20:01
.
Pre-Run: 280.173.912.064 byte disponibili
Post-Run: 280.352.858.112 byte disponibili
.
- - End Of File - - 06D69FE8A391F99E5A817FE99C060D51

- I ran Trend Micro HouseCall, which found the following threat: c:\windows\system32\kbdneprd.dll (TROJ_PONMCOP.SM1). I pressed the FIX button

- - - Updated - - -

Today I have to say that, after a day of testing, the problem seems to be solved.
HouseCall's action was probably the decisive one.
I'll give it one more day before closing the post...

---

Confirmed: it can be closed!
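As an added example (not a tool from this thread and not part of the original post), the Python script below shows how an analyst can triage logs like the two posted above automatically. It runs over a constructed sample made of a few lines copied from the HijackThis and ComboFix logs in the post and flags the entry types that most often carry a browser hijack: R3 URLSearchHook entries, BHO/toolbar registrations whose DLL is gone, services whose binary is missing, Trusted Zone additions, and scheduled tasks with a random-looking name or a DLL as target. The rule set and the "random all-caps task name" heuristic are my own assumptions, not HijackThis or ComboFix logic; the only confirmed verdict on the page is HouseCall's identification of kbdneprd.dll (the target of the BVPYRHFUKG.job task) as TROJ_PONMCOP.SM1, which is exactly the entry the task rule singles out.

```python
"""Triage helpers for HijackThis and ComboFix logs (added example, not a forum tool)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log in the post.
HJT_SAMPLE = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O23 - Service: McAfee Application Installer Cleanup (0236601271250363) (0236601271250363mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\023660~1.EXE (file missing)
"""

# Constructed sample: the 'Scheduled Tasks' section of the ComboFix log in the post.
COMBOFIX_TASKS_SAMPLE = r"""
2012-06-26 c:\windows\Tasks\BVPYRHFUKG.job
- c:\windows\system32\kbdneprd.dll [2012-05-10 20:24]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-18 19:17]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{7F59FDD5-BBA5-4B5F-A22C-8A5833C69129}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
"""


@dataclass
class Finding:
    severity: str  # "review" (needs a human look) or "suspicious" (strong indicator)
    code: str      # HijackThis section code, or "TASK" for ComboFix scheduled tasks
    detail: str
    reason: str


def triage_hijackthis(log: str) -> list[Finding]:
    """Flag the HijackThis entry types that most often carry a browser hijack (my own rule set)."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or " - " not in line:
            continue
        code, rest = line.split(" - ", 1)
        if code == "R3":
            findings.append(Finding("review", code, rest,
                "URLSearchHook changes how IE resolves address-bar searches; a classic search-hijack hook"))
        elif code in ("O2", "O3") and rest.endswith("(no file)"):
            findings.append(Finding("review", code, rest,
                "BHO/toolbar CLSID is registered but its DLL is gone: a leftover that should be cleaned"))
        elif code == "O23" and rest.endswith("(file missing)"):
            findings.append(Finding("review", code, rest,
                "service whose binary no longer exists; check where it pointed (Temp paths are a red flag)"))
        elif code == "O15":
            findings.append(Finding("review", code, rest,
                "Trusted Zone entry: these hosts get relaxed IE security settings"))
    return findings


TASK_RE = re.compile(r"\\Tasks\\([^\\]+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2}")
RANDOM_NAME_RE = re.compile(r"[A-Z]{8,12}\.job")  # heuristic: 8-12 capitals, no vendor words


def parse_tasks(combofix_section: str) -> list[tuple[str, str]]:
    """Pair each '<date> c:\\windows\\Tasks\\X.job' line with the '- <target> [date]' line after it."""
    tasks, pending = [], None
    for raw in combofix_section.splitlines():
        line = raw.strip()
        m = TASK_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        t = TARGET_RE.match(line)
        if t and pending:
            tasks.append((pending, t.group(1)))
            pending = None
    return tasks


def triage_tasks(combofix_section: str) -> list[Finding]:
    """A task is 'suspicious' when both a random-looking name and a DLL target are present."""
    findings = []
    for name, target in parse_tasks(combofix_section):
        reasons = []
        if RANDOM_NAME_RE.fullmatch(name):
            reasons.append("random-looking all-caps task name")
        if target.lower().endswith(".dll"):
            reasons.append("task target is a DLL, not an .exe, unlike every vendor updater task here")
        if reasons:
            severity = "suspicious" if len(reasons) > 1 else "review"
            findings.append(Finding(severity, "TASK", f"{name} -> {target}", "; ".join(reasons)))
    return findings


def suspicious_task_names(combofix_section: str) -> list[str]:
    return [f.detail.split(" -> ")[0] for f in triage_tasks(combofix_section)
            if f.severity == "suspicious"]


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_SAMPLE) + triage_tasks(COMBOFIX_TASKS_SAMPLE):
        print(f"[{f.severity:10}] {f.code:4} {f.reason}\n             {f.detail}")
```

Run against the sample it prints four "review" items from the HijackThis lines and one "suspicious" task, BVPYRHFUKG.job pointing at kbdneprd.dll; the Google and feed-sync tasks pass both checks. Heuristics like these only rank entries for a human to look at; the confirmation still comes from a scanner verdict or a hash lookup of the flagged file, as happened in this thread with HouseCall.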
 