It happened to me too.
Post the output of a HijackThis scan, but at a glance it's plauncher.exe.
I'll answer you myself (thanks for the courtesy).
Yes, HijackThis shows:
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
This is the full log:
Logfile di Trend Micro HijackThis v2.0.4
Scansione salvato 8.11.02, il 17/08/2012
Piattaforma: Windows XP SP3 (WinNT 2600/05/01)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Modalità di avvio: Normale
Processi in esecuzione:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File Comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File Comuni\Microsoft Shared\VS7Debug\MDM.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File Comuni\Java\Java Update\jusched.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Documenti\Downloads\HiJackThis.exe
C:\WINDOWS\system32\msfeedssync.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
%s - Crawler.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN Italia: Hotmail, Messenger, Skype, Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
Search Assistant
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN Italia: Hotmail, Messenger, Skype, Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Internet Explorer Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Search Assistant
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = COLLEGAMENTI
R3 - URLSearchHook: ZoneAlarm Toolbar - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programmi\ZoneAlarm\prxtbZon2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File Comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmi\ZoneAlarm\prxtbZon2.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480E-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\JQS\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10d-FC6124A40F8C} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmi\ZoneAlarm\prxtbZon2.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File Comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE ('SYSTEM' Utente)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE ('User')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
Menuitem Extra 'Strumenti' - O9: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Menuitem Extra 'Strumenti' - O9: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
Menuitem Extra 'Strumenti' - O9: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Giochi Freccette) -
http://194.244.16.123/g_bin/eng/darts_2_0_0_38.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} -
http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
http://www.fueps.com/gp/resources/games/puzzle/PopCapGames/popcaploader_v10.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
http://194.244.16.123/g_bin/eng/billard8_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Allenamento Pool) -
http://194.244.16.123/g_bin/eng/billardt_2_0_0_30.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00FF6FDD-E2B1-4131-B1BD-6343D68C2B8F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C67B7B6-E5EF-4286-8CAD-77F69AD1BEFF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{456F19D4-558A-405E-AAB9-1060904D44C7}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{46689847-5473-403D-A494-1743C5E8AEC6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{76D1F4A6-8315-4D25-AAF0-3A6A7A4E9952}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{80A34B0A-4BF3-49AA-B4E3-727E2D989131}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C8AE7F-88C5-441B-A144-E76DAEA25D44}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF692ED0-5356-418C-BC9E-C03B81024CEC}: NameServer = 85.37.17.13 85.38.28.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC3C1F0-9B5A-4B27-BD7E-F938B75480C0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC582778-54AC-4A0B-B86F-83101A9D3E8B}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{00FF6FDD-E2B1-4131-B1BD-6343D68C2B8F}: NameServer = 176.31.229.24,176.31.229.25
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di di Componenti - {8C7461EF-2B13-11D2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: (! SASCORE) SAS Core Service - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ALWIL Software - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: getPlus (R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File Comuni\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Network posizione WanMiniport First - ALWIL Software - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Servizio Pos (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\Administrator\Impostazioni Locali\Dati Applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File Comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
-
End of file - 13243 bytes
(thanks)
I told him to try a fix on the offending entry.