problem with POP-UPs??


Post by elena_fire » 24/03/09 22:44

For a week now, if I step away from the computer even for just half an hour, EVEN with Explorer closed, I find at least 2 internet pages, magically materialized out of nowhere, with ads for emule, tele2... in short, for everything!

I tried using HijackThis, but at a quick glance I didn't notice anything suspicious. I tried searching Google for a few things but they turned out to be normal parts of the system. The ads usually appear with the address "CiD adserver5" or something like that.
I tried scanning the computer with SpyBot, Superantispyware... but I couldn't solve the problem.
This is the log I made just now.
Do I need to make one when the ads appear as well, or could the problem also be identified from this log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.01.45, on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\Programmi\Google\Quick Search Box\qsb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\CA\CA Internet Security Suite\ccprovsp.exe
C:\DOCUME~1\ELENA\IMPOST~1\Temp\Rar$EX00.766\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eleninascialo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 4379 bytes
╔════════♫ELENA═══════════════╗
Breaking the city's heart together
finally it's our time now

╚═════FIRENZE TI ADORO♪═════════╝
elena_fire
Junior User

Posts: 18
Joined: 18/05/08 18:38

Re: problem with POP-UPs??

Post by Luke57 » 24/03/09 23:47

Hi, try with ComboFix; download it to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable the antivirus, if you have one, disconnect from the internet, and close programs and applications.
Once that is done, click Start > Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK; if all goes well the program starts, and it may take a long time (don't do anything else during the scan; if the icons disappear from the desktop that is normal; accept any proposal by the program to remove drives). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; restart in normal mode and post the contents of the file or attach it.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: problem with POP-UPs??

Post by elena_fire » 25/03/09 15:43

Here it is... I understand even less of this one :eeh:
ComboFix 09-03-23.01 - ELENA 2009-03-25 15.29.57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.680 [GMT 1:00]
Eseguito da: c:\documents and settings\ELENA\desktop\combofix.exe
Opzioni usate :: /killall
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((( Files Creati Da 2009-02-25 al 2009-03-25 )))))))))))))))))))))))))))))))))))
.

2009-03-24 21:27 . 2009-03-24 21:27 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-03-24 21:27 . 2009-03-24 21:27 <DIR> d-------- c:\documents and settings\ELENA\Dati applicazioni\SUPERAntiSpyware.com
2009-03-24 21:27 . 2009-03-24 21:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-03-24 21:26 . 2009-03-24 21:26 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-03-24 21:16 . 2009-03-24 21:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-03-24 20:02 . 2009-03-24 20:02 <DIR> d-------- c:\programmi\CCleaner
2009-03-24 19:59 . 2009-03-24 19:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-23 18:05 . 2009-03-23 18:07 <DIR> d-------- c:\programmi\Google
2009-03-22 17:28 . 2009-03-22 17:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\File dvd base road
2009-03-22 17:27 . 2009-03-22 17:27 <DIR> d-------- c:\programmi\DateRectSave
2009-03-22 17:27 . 2009-03-22 17:27 <DIR> d-------- c:\programmi\Crcle Developement
2009-03-22 17:27 . 2009-03-22 17:28 <DIR> d-------- c:\documents and settings\ELENA\Dati applicazioni\DateRectSave
2009-02-26 18:33 . 2009-02-26 18:33 <DIR> d-------- c:\programmi\Enlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 14:34 --------- d-----w c:\programmi\DNA
2009-03-25 14:34 --------- d-----w c:\documents and settings\ELENA\Dati applicazioni\DNA
2009-03-24 20:17 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-24 19:03 --------- d-----w c:\programmi\Yahoo!
2009-03-24 17:24 --------- d-----w c:\programmi\eMule
2009-03-22 16:27 --------- d-----w c:\programmi\Messenger Plus! Live
2009-03-03 18:21 --------- d-----w c:\documents and settings\ELENA\Dati applicazioni\BitTorrent
2009-02-26 17:40 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-23 15:57 --------- d-----w c:\documents and settings\CINZIA\Dati applicazioni\BitTorrent
2009-02-15 09:10 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-15 09:08 --------- d-----w c:\programmi\Activision
2009-02-15 09:07 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-10 13:27 --------- d-----w c:\programmi\Imperivm Civitas III
2009-02-07 20:34 --------- d-----w c:\programmi\Microsoft.NET
2009-02-07 17:46 --------- d-----w c:\documents and settings\CINZIA\Dati applicazioni\Cartella di caricamento Share-to-Web
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-22 342848]
"Heart body"="c:\docume~1\ELENA\DATIAP~1\DATERE~1\store bias.exe" [2009-03-22 622592]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\programmi\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-24 177392]
"CAVRID"="c:\programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE" [2006-11-21 936960]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\qsb.exe" [2009-03-23 68592]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-11-07 217088]
hp psc 2000 Series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 323646]
officejet 6100.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 147456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-11-07 8192]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-24 c:\windows\Tasks\A2A26A679181E873.job
- c:\docume~1\elena\datiap~1\datere~1\Heck Seek Thunk.exe [2009-03-22 17:28]

2009-02-11 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1226060248.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 01:46]

2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{34CD7E62-F6EC-4385-B8A6-F46C7013AED5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ELENA\Dati applicazioni\Mozilla\Firefox\Profiles\aw3n7a62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 15:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1556)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\McciTrayApp.exe
c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-25 15:39:25 - Il pc è stato riavviato [ELENA]
ComboFix-quarantined-files.txt 2009-03-25 14:39:22

Pre-Run: 43.685.564.416 byte disponibili
Post-Run: 43,768,852,480 byte disponibili

157

Re: problem with POP-UPs??

Post by elena_fire » 26/03/09 19:18

the problem continues to persist. I tried scanning the computer with SpyBot, malwarebytes and pc clean but nothing... they didn't work. The ads keep appearing :cry:

Re: problem with POP-UPs??

Post by Luke57 » 27/03/09 23:30

Hi, download to the desktop
http://www.suspectfile.com/systemscan
open it and make sure all the options are ticked, then click on "Scan Now"; at the end of the scan two files will be produced (again on the desktop, inside the suspectfile folder). Attach the file with the .zip extension to your next reply.

Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.

NB
the scan may take a long time, and it might even seem that the program is not working; don't worry, that is not the case

Re: problem with POP-UPs??

Post by elena_fire » 29/03/09 11:26

Done... but if I have several users on the computer, do I have to scan all of them?
Attachments

[The zip extension has been disabled and cannot be displayed.]


Re: problem with POP-UPs??

Post by Luke57 » 29/03/09 14:45

Hi, I didn't see much. Try deleting the temp files: open ccleaner, click on "Options" and then on "Advanced", remove the tick, if present, from the option "only delete files in Windows temp older than 48 hours"; now you can start the cleanup by clicking on Run ccleaner.

Re: problem with POP-UPs??

Post by elena_fire » 30/03/09 16:33

tried it... but the problem is still there... these things certainly hide really well! Who knows in what remote part of my computer it is lurking :evil: ! Is there anything else I can do or does it need to be formatted :undecided: ?

Re: problem with POP-UPs??

Post by Luke57 » 30/03/09 17:07

Hi, open a text file in Windows Notepad, and copy and paste into it the script in bold, quotes included.


Windows Registry Editor Version 5.00

; full root key name: .reg files do not accept the HKCU abbreviation
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Heart body"=-
;


save the file in C with the name fix.reg, obviously changing its extension from .txt to .reg
file type = all files

Then open SystemScan > click on "Removal Script".
Inside the white box copy and paste the values shown below in bold:

Files to delete:
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
C:\DOCUME~1\ELENA\DATIAP~1\DATERE~1\store bias.exe

Programs to launch on reboot:
C:\fix.reg




click on "Proceed with removal" and then on OK.

The PC should restart by itself; otherwise restart it manually.

Go to C:\ and post the contents of the log generated by Avenger (avenger.txt)

Re: problem with POP-UPs??

Post by elena_fire » 31/03/09 14:45

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mncwofyx

*******************

Script file located at: \??\C:\WINDOWS\qeqbumna.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\sed.exe deleted successfully.
File C:\WINDOWS\grep.exe deleted successfully.
File C:\WINDOWS\zip.exe deleted successfully.
File C:\DOCUME~1\ELENA\DATIAP~1\DATERE~1\store bias.exe deleted successfully.
Program C:\fix.reg successfully set up to run once on reboot.
Program C:\Documents and Settings\ELENA\Desktop\sys24842.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.


Here it is!! And I really think this is the time it worked, because the ads have finally DISAPPEARED!!! :lol:
Thank you really so much for your patience :)
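
Added example, not part of the original thread and not the helpers' own tooling: a Python triage over an excerpt of the ComboFix log posted above. It flags autostart entries (Run values and scheduled tasks) whose target sits inside a user profile and matches their 8.3 short path against the folders listed under "Files Creati". The function names and the 8.3 matching heuristic are assumptions made for this example.

```python
import re

# Excerpt copied from the ComboFix log posted in this thread (not constructed data).
LOG = r'''
2009-03-22 17:27 . 2009-03-22 17:27 <DIR> d-------- c:\programmi\DateRectSave
2009-03-22 17:27 . 2009-03-22 17:28 <DIR> d-------- c:\documents and settings\ELENA\Dati applicazioni\DateRectSave
2009-02-26 18:33 . 2009-02-26 18:33 <DIR> d-------- c:\programmi\Enlight

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-22 342848]
"Heart body"="c:\docume~1\ELENA\DATIAP~1\DATERE~1\store bias.exe" [2009-03-22 622592]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]

2009-03-24 c:\windows\Tasks\A2A26A679181E873.job
- c:\docume~1\elena\datiap~1\datere~1\Heck Seek Thunk.exe [2009-03-22 17:28]

2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{34CD7E62-F6EC-4385-B8A6-F46C7013AED5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
'''

# Windows XP profile roots as they appear in this log (long and 8.3 form).
PROFILE_ROOTS = ('c:\\documents and settings\\', 'c:\\docume~1\\')

NEWDIR_RE = re.compile(
    r'^(?P<d>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. .* <DIR> \S+ (?P<path>c:\\.+)$', re.I)
SECTION_RE = re.compile(r'^\[(?P<key>hkey_[^\]]+\\run)\]$', re.I)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<d>\d{4}-\d{2}-\d{2}) \d+\]$')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$', re.I)
TARGET_RE = re.compile(
    r'^- (?P<path>.+?) \[(?P<d>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]$')


def component_matches(a, b):
    """True if component a equals b or is a plausible 8.3 alias of b.

    Heuristic only: an alias such as DATERE~1 is compared with the first
    characters of the long name after spaces and dots are dropped.
    """
    a, b = a.lower(), b.lower()
    if a == b:
        return True
    m = re.fullmatch(r'([^~]{1,6})~\d', a)
    return bool(m) and re.sub(r'[ .]', '', b).startswith(m.group(1))


def same_dir(short_dir, long_dir):
    """Compare two directory paths component by component."""
    s, l = short_dir.split('\\'), long_dir.split('\\')
    return len(s) == len(l) and all(component_matches(x, y) for x, y in zip(s, l))


def triage(log):
    """Return autostart entries whose target lives inside a user profile."""
    new_dirs, entries, section, job = [], [], None, None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            section = job = None          # a blank line ends the current block
        elif m := NEWDIR_RE.match(line):
            new_dirs.append((m['path'], m['d']))
        elif m := SECTION_RE.match(line):
            section = m['key']
        elif m := JOB_RE.match(line):
            job = m['job']
        elif section and (m := RUN_RE.match(line)):
            entries.append({'source': f"{section} -> {m['name']}",
                            'path': m['path'], 'date': m['d']})
        elif job and (m := TARGET_RE.match(line)):
            entries.append({'source': job, 'path': m['path'], 'date': m['d']})

    findings = []
    for e in entries:
        if e['path'].lower().startswith(PROFILE_ROOTS):
            folder = e['path'].rsplit('\\', 1)[0]
            # Link the 8.3 folder to a recently created directory, if any.
            e['new_folder'] = next(
                (nd for nd in new_dirs if same_dir(folder, nd[0])), None)
            findings.append(e)
    return findings


if __name__ == '__main__':
    for f in triage(LOG):
        print(f['source'])
        print('  target :', f['path'], f['date'])
        print('  folder :', f['new_folder'])
```

A hit is a lead to check by hand, not a verdict: legitimate software can also start from a profile folder.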

Re: problem with POP-UPs??

Post by Elbast » 26/07/09 14:35

hello everyone, for a few weeks I have had the same problem with pop-ups... I thought it was nothing, but instead they keep popping up every time the PC is on and connected... I tried with ccleaner but nothing, I changed some internet explorer settings but nothing from there either... reading the topic I thought it might also work for my problem, but I am quite ignorant on the subject and so I would like your help... following what luke suggested I downloaded systemscan and combofix and ran the scan, but I don't know what code to enter into combofix to make it work... can you help me? :(
Elbast
Newbie

Posts: 1
Joined: 25/07/09 11:11

Re: problem with POP-UPs??

Post by Tremebondo » 10/08/09 12:21

Hi, I have the same problem. I have XP sp3 and the latest IE. I have done all the usual cleanups but no luck!
In case it helps, I am adding the combofix report below:
ComboFix 09-08-09.04 - Lorenzo 10/08/2009 13.02.40.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.168 [GMT 2:00]
Eseguito da: c:\documents and settings\Lorenzo\Documenti\Download\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\cpu\z8000\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\debug\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\drivers\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\layout\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\machine\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\sound\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\emu\video\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\ldplayer\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\ldplayer\layout\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\lib\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\lib\expat\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\lib\util\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\lib\zlib\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\audio\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\drivers\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\etc\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\includes\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\layout\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\machine\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\mame\video\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\osd\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\osd\osdmini\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Download\mame\src\tools\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\File ricevuti\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Immagini\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Immagini\Toolbar4Free Toolbar images\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\01\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\01\09\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\01\09\01\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\02\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\02\05\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\02\05\01\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\04\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\04\10\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\04\10\02\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\05\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\05\01\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\05\01\06\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\05\14\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\05\14\15\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\06\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\06\05\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\06\05\09\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\06\15\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\06\15\05\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\07\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\07\01\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\07\01\15\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\14\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\14\15\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\Album Artwork\Cache\8C36D93FCB0A0881\14\15\07\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Ludwig van Beethoven, composer. Seattle\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Ludwig van Beethoven, composer. Seattle\Album sconosciuto\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Marc Seales, composer. New Stories. Erni\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Marc Seales, composer. New Stories. Erni\Speakin' Out\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Ranieri\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Ranieri\Album sconosciuto\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Tiziano Ferro\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Tiziano Ferro\Nessuno è solo\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Musica\iTunes\iTunes Music\Tiziano Ferro\Rosso Relativo [UK]\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\My Stationery\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Nuova cartella\_desktop.ini
c:\documents and settings\Lorenzo\Documenti\Video\_desktop.ini
c:\documents and settings\Lorenzo\Impostazioni locali\Dati applicazioni\imcqg.dat
c:\documents and settings\Lorenzo\Impostazioni locali\Dati applicazioni\imcqg.exe
c:\documents and settings\Lorenzo\Impostazioni locali\Dati applicazioni\imcqg_nav.dat
c:\documents and settings\Lorenzo\Impostazioni locali\Dati applicazioni\imcqg_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-07-10 al 2009-08-10 )))))))))))))))))))))))))))))))))))
.

2009-08-10 10:46 . 2009-08-10 10:46 112 ----a-w- C:\fix.reg
2009-08-10 10:24 . 2009-08-10 10:33 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-10 10:16 . 2009-08-10 10:16 -------- d-----w- c:\documents and settings\Lorenzo\Impostazioni locali\Dati applicazioni\Google
2009-08-10 10:16 . 2009-08-10 10:16 -------- d-----w- c:\programmi\Google
2009-08-09 09:48 . 2009-08-09 09:48 -------- d-----w- c:\programmi\DustBuster
2009-08-09 09:10 . 2009-08-09 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2009-08-08 15:13 . 2009-08-08 15:17 -------- d-----w- c:\programmi\PC-Clean
2009-08-08 15:13 . 2009-08-08 15:13 -------- d-----w- c:\programmi\NLIA
2009-08-08 15:13 . 2006-03-29 01:07 36864 ----a-w- c:\windows\system32\NliaControlRes.dll
2009-08-08 09:21 . 2009-08-08 09:23 -------- d-----w- c:\programmi\TweakNow RegCleaner
2009-08-08 09:21 . 2009-08-08 09:21 -------- d-----w- c:\documents and settings\Lorenzo\Dati applicazioni\TweakNow RegCleaner
2009-08-08 09:20 . 2001-08-30 21:07 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-08 09:20 . 2001-08-30 21:07 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-08 09:20 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-08 09:20 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-08 09:20 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-08 09:20 . 2008-04-13 17:12 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-08 00:35 . 2009-08-08 00:35 -------- d-----w- c:\programmi\CCleaner
2009-08-08 00:19 . 2009-08-08 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-08-07 18:32 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-07 17:16 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-07 17:15 . 2009-08-07 17:15 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-07 17:15 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-07 17:14 . 2009-08-07 17:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-08-07 17:14 . 2009-08-07 17:14 -------- d-----w- c:\programmi\Lavasoft
2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\documents and settings\Lorenzo\Dati applicazioni\live-player
2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\programmi\Live-Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 09:54 . 2009-06-29 14:50 -------- d-----w- c:\programmi\TVUPlayer
2009-08-09 09:54 . 2009-05-15 19:54 -------- d-----w- c:\programmi\SopCast
2009-08-09 09:54 . 2009-01-31 12:26 -------- d-----w- c:\programmi\Windows Installer Clean Up
2009-08-09 09:54 . 2009-01-31 11:33 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-08-09 09:54 . 2009-02-08 20:39 -------- d-----w- c:\programmi\Burn4Free
2009-08-09 09:51 . 2009-06-16 10:57 -------- d-----w- c:\programmi\QuickTime
2009-08-08 15:13 . 2009-01-31 12:15 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-24 15:13 . 2009-01-31 11:36 1 ----a-w- c:\documents and settings\Lorenzo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-23 10:17 . 2009-06-16 10:59 -------- d-----w- c:\documents and settings\Lorenzo\Dati applicazioni\Apple Computer
2009-07-17 17:19 . 2009-07-17 17:19 1864055 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aeheur.dll
2009-07-17 17:19 . 2009-07-17 17:19 1864055 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\ave2\aeheur.dll
2009-07-14 18:35 . 2009-07-17 17:19 438651 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aescript.dll
2009-07-14 18:35 . 2009-07-17 17:19 430452 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aerdl.dll
2009-07-14 18:35 . 2009-07-17 17:19 229748 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aehelp.dll
2009-07-14 18:35 . 2009-07-17 17:19 180597 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aecore.dll
2009-07-03 16:55 . 2008-05-08 16:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 14:48 . 2009-07-17 17:19 348532 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aegen.dll
2009-06-29 14:50 . 2009-06-29 14:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-06-27 10:08 . 2009-06-22 07:53 -------- d-----w- c:\programmi\Imperivm Anthology
2009-06-22 08:01 . 2009-06-22 08:01 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-06-17 20:00 . 2009-07-17 17:19 196987 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aeoffice.dll
2009-06-16 14:36 . 2008-04-13 17:13 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-13 17:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 10:59 . 2009-06-16 10:59 -------- d-----w- c:\programmi\iTunes
2009-06-16 10:59 . 2009-06-16 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 10:59 . 2009-06-16 10:59 -------- d-----w- c:\programmi\iPod
2009-06-16 10:59 . 2009-06-16 10:56 -------- d-----w- c:\programmi\File comuni\Apple
2009-06-16 10:59 . 2009-06-16 10:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-06-16 10:58 . 2009-06-16 10:58 -------- d-----w- c:\programmi\Bonjour
2009-06-16 10:57 . 2009-06-16 10:57 -------- d-----w- c:\programmi\Apple Software Update
2009-06-16 10:56 . 2009-06-16 10:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:09 . 2008-04-13 17:13 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 18:09 . 2009-01-31 11:09 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-28 18:09 . 2009-07-17 17:19 401783 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aepack.dll
2009-05-28 18:09 . 2009-06-03 19:30 401783 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aepack.dll
2009-05-28 18:09 . 2009-06-03 19:30 180599 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aecore.dll
2009-05-15 18:49 . 2009-06-03 19:30 389497 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aescript.dll
2009-05-15 18:49 . 2009-07-17 17:19 127347 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a60b1e1\validationdir\aescn.dll
2009-05-15 18:49 . 2009-06-03 19:30 127347 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aescn.dll
2009-05-15 18:49 . 2009-06-03 19:30 1761655 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aeheur.dll
2009-05-15 18:49 . 2009-06-03 19:30 348532 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4a26cf3c\validationdir\aegen.dll
.

------- Sigcheck -------

[-] 2008-05-08 16:30 1571840 4ED067D8270174E777286A26FECDB3E8 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-02-08 20:39 806912 ----a-w- c:\programmi\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\programmi\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2009-02-08 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\programmi\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2009-02-08 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-08-10 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AudioDeck"="c:\programmi\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NliaClient"="c:\programmi\NLIA\Netpia.exe" [2006-07-20 49152]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

c:\documents and settings\Lorenzo\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3692:UDP"= 3692:UDP:Windows Media Format SDK (Live-Player.exe)
"3693:UDP"= 3693:UDP:Windows Media Format SDK (Live-Player.exe)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/08/2009 19.16.27 64160]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16.49.06 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-imcqg - c:\documents and settings\lorenzo\impostazioni locali\dati applicazioni\imcqg.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/sc ... canner.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\programmi\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-08-10 13.10.49
ComboFix-quarantined-files.txt 2009-08-10 11:10

Pre-Run: 111.772.839.936 byte disponibili
Post-Run: 111.837.220.864 byte disponibili

368 --- E O F --- 2009-08-02 00:59


What's the next move??
Thanks a lot
Tremebondo
Newbie
 
Posts: 7
Joined: 21/05/08 23:15

Re: problem with POP-UPs??

Post by Tremebondo » 10/08/09 15:02

Holy cow.......ComboFix fixed everything.
Thanks a lot.
Tremebondo
Newbie
 
Posts: 7
Joined: 21/05/08 23:15

