• G
    User Newbie

    pubblicità automatizzata MALEDETTA -soluzioni?

    Ciao atutti. Anche io da qualche giorno sto avendo problemi con la pubblicità automatizzata.Ho provato con spybot, ccleaner ma niente da fare, al riavvio ricompare e pare provenire da un certo em.pc-on-internet. ho fatto una scansione con HijackThis 2.0.2 Potreste dare un occhiata al mio file di log? e potete dopo anche spiegami come devo fare ad eliminare il file infetto? come antivirus ho appena installaro spyware terminator completo di antivirus ed in piu ho ccleaner, che ne dite? vi ringrazio anticipatamente

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.00.19, on 27/12/2008
    Platform:SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\BR040286.exe
    C:\Users\Utente\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\eMule\emule.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.ex e
    C:\Users\Utente\AppData\Local\Temp\Temp1_HiJackThi s[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = //w.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h://.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h://it.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h://it.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a \windows live- {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Googl Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM..\Run: [Skytel] Skytel.exe
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: \Crawler\Search - tbr:iemenu
    O9 - Extra button: Inserisci - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - h://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    0
  • G
    User Newbie

    Dimenticavo ho Vista,_e volevo chiedervi se secondo voi sarebbe meglio mettere mozilla come browser, in tanti me lo consigliano.

    0
  • D
    User Attivo

    Ciao, io con aiuto di JeanGrey ho risolto tutto perfettamente.

    0
  • G
    User Attivo

    Scarica combofix http://subs.geekstogo.com/ComboFix.exe e salvalo sul desktop.
    Chiudi tutti i programmi, disconnettiti e **disattiva l'antivirus!
    **Avvia combofix e segui le istruzioni a video per iniziare la scansione.
    Al termine di essa posta il log che comparirà e che trovi in C:\Combofix.txt

    NB: Disattiva l'AntiVirus che potrebbe erroneamente considerare combofix infetto.
    Potrebbe metterci del tempo a creare il log, lascialo lavorare image

    0
Effettua l'accesso per rispondere