I'm a new member. I had a look at the forum and thought that maybe you could help me get rid of this spyware/malware (which I identify as EpoClik.com) that has been plaguing me for days and has made "Ad-Aware" and "Spybot Search and Destroy" unusable. I've seen that others have had similar problems too, but I haven't found a "standard" solution to follow. Please give me a hand.
I have already installed HijackThis and run a scan. The log I got from it follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.38.43, on 27/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows
Workstations MP4\avp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Programmi\Microsoft SQL Server\MSSQL$ARIC\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows
Workstations MP4\avp.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RayV\RayV\RayV.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File
comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program
files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File
comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} -
C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
- C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe]
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File
comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
6.0 for Windows Workstations MP4\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\davide.signori\Impostazioni locali\Dati
applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RayV] C:\Programmi\RayV\RayV\RayV.exe /background
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi ad Anti-Banner -
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows
Workstations MP4\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Programmi\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Programmi\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiche Anti-Virus Web -
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky
Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} -
C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) -
http://signori-dc01/ConnectComputer/nshelp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m
uweb_site.cab?1132582117750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
StudioSignori.local
O17 - HKLM\Software\..\Telephony: DomainName = StudioSignori.local
O17 -
HKLM\System\CCS\Services\Tcpip\..\{FF544F09-E76E-429C-8D27-972DA0F6521
2}: NameServer = 93.188.162.79,93.188.161.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
StudioSignori.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
93.188.162.79,93.188.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
93.188.162.79,93.188.161.12
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\prn.fzd
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPE
R~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation -
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab -
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows
Workstations MP4\avp.exe
O23 - Service: Bonjour Service - Apple Inc. -
C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -
C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -
C:\Programmi\File comuni\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506
(GoogleDesktopManager-092308-165331) - Google -
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9771470e7eb42)
(gupdate1c9771470e7eb42) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Kaspersky Lab Network Agent (klnagent) - Kaspersky Lab -
C:\Programmi\Kaspersky Lab\NetworkAgent 8\klnagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. -
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
--
End of file - 10540 bytes