
A strange warning appears!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

A strange warning appears!

Post by paolodik » 10/06/10 19:02

For a few days now, every time I turn on the PC a strange warning appears; I can't get rid of it with an antivirus scan :cry:, antimalware, Spybot, ADWare, in short I don't know what to do. I'm attaching the problem, thanks for any help.


[Image]

[Image]
paolodik
Senior User

Posts: 1381
Joined: 20/09/04 02:02


Re: A strange warning appears!

Post by shel » 10/06/10 20:47

hi

in that warning I can see that e.exe, which is nothing but malware

disable the antivirus

download combofix to the desktop
(don't install the recovery console)

- run ComboFix.exe
- type 1
- follow the instructions
- when the scan is finished, go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: A strange warning appears!

Post by paolodik » 10/06/10 23:18

It should be this, if I did everything right:

ComboFix 09-05-06.05 - Paolo 11/06/2010 0.08.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1523 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Paolo\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2010-05-10 al 2010-06-10 )))))))))))))))))))))))))))))))))))
.

2010-06-10 22:05:57 . 2010-06-10 22:05:57 0 d-----w C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-06-10 22:05:56 . 2010-06-10 22:05:57 0 d-----w C:\Programmi\Softonic-IT
2010-06-10 06:07:03 . 2010-05-06 10:32:41 743424 -c----w C:\WINDOWS\system32\dllcache\iedvtool.dll
2010-06-03 04:52:57 . 2010-06-03 04:52:57 0 d-----w C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\PicaJetFotkiUploader
2010-06-03 04:49:21 . 2010-06-03 04:49:21 0 d-----w C:\Documents and Settings\Paolo\Dati applicazioni\Picajet.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 09:25:49 . 2002-09-10 12:00:00 94980 ----a-w C:\WINDOWS\system32\perfc010.dat
2010-06-10 09:25:49 . 2002-09-10 12:00:00 512806 ----a-w C:\WINDOWS\system32\perfh010.dat
2010-06-09 15:43:48 . 2010-02-14 13:59:19 32208 ----a-w C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-04 09:57:37 . 2010-02-14 14:13:20 0 d-----w C:\Programmi\Microsoft Silverlight
2010-05-27 08:12:07 . 2010-05-03 17:40:02 0 d-----w C:\Programmi\MailNavigator
2010-05-06 10:32:52 . 2004-08-19 13:39:30 916480 ----a-w C:\WINDOWS\system32\wininet.dll
2010-05-02 08:06:54 . 2004-08-19 13:31:06 1851264 ----a-w C:\WINDOWS\system32\win32k.sys
2010-04-20 05:30:21 . 2004-08-19 13:37:46 285696 ----a-w C:\WINDOWS\system32\atmfd.dll
2010-03-30 13:36:58 . 2010-03-30 13:36:58 0 ----a-w C:\WINDOWS\nsreg.dat
2010-03-15 07:57:08 . 2010-03-14 00:33:32 691696 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2010-03-14 00:37:29 . 2010-03-14 00:37:29 223128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2010-03-02 17:59:37 . 2010-02-11 23:39:57 6969 ----a-w C:\Programmi\hijackthis.log
2010-03-01 14:12:06 . 2010-03-01 14:12:05 44371752 ----a-w C:\Programmi\Setup Avast_5 febbraio 2010.zip
2010-02-04 16:35:18 . 2010-03-15 07:56:04 4940440 ----a-w C:\Programmi\IsoBurner-Setup.exe
2007-12-09 16:19:46 . 2010-03-01 14:13:24 2531 ------w C:\Programmi\LEGGIMI.htm
2007-03-05 07:41:22 . 2010-04-27 12:36:17 532992 ----a-w C:\Programmi\OEView.exe
2007-02-22 19:08:08 . 2010-03-28 02:19:53 925696 ----a-w C:\Programmi\GSpot.exe
2007-02-19 14:28:02 . 2010-03-28 02:19:53 117974 ----a-r C:\Programmi\GSpot27.dat
2007-02-16 09:45:58 . 2010-04-27 12:36:17 2790 ----a-w C:\Programmi\OEViewer.txt
2007-01-16 21:37:50 . 2010-03-28 02:19:53 3615 ----a-r C:\Programmi\license.txt
2007-01-16 21:37:50 . 2010-03-28 02:19:53 10684 ----a-r C:\Programmi\ExportFormat.txt
2004-03-18 16:00:32 . 2010-02-09 22:01:56 40960 ----a-w C:\Programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-03-17 13:45:32 2355224 ----a-w C:\Programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "C:\Programmi\Softonic-IT\tbSoft.dll" [2010-03-17 13:45:32 2355224]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:14:04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59:20 878080]
"avast5"="C:\PROGRA~1\ALWILS~2\Avast5\avastUI.exe" [2010-05-06 20:59:42 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 18:14:04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Programmi\\Java\\jre6\\bin\\java.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [12/02/2010 1.29.58 64160]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [02/03/2010 16.22.38 164048]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [02/03/2010 16.22.38 19024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
R2 YahooAUService;Yahoo! Updater;C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe [09/11/2008 22.48.14 602392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [26/02/2009 13.40.10 99856]
S2 gupdate;Servizio di Google Update (gupdate);C:\Programmi\Google\Update\GoogleUpdate.exe [03/03/2010 0.15.23 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-06 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34:46 . 2010-03-04 23:29:21]

2010-06-10 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2010-03-02 22:15:23 . 2010-03-02 22:15:21]

2010-06-10 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2010-03-02 22:15:23 . 2010-03-02 22:15:21]

2010-06-10 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 14:07:42 . 2009-08-03 14:07:42]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-start 1 - C:\DOCUME~1\Paolo\IMPOST~1\Temp\e.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://it.yahoo.com/?fr=fp-tyc8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - C:\Documents and Settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\hsjtop0y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - plugin: C:\Programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
C:\Programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
paolodik
Senior User

Posts: 1381
Joined: 20/09/04 02:02

Re: A strange warning appears!

Post by shel » 11/06/10 08:56

are you sure you pasted the whole log? the final part is missing, check again
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: A strange warning appears!

Post by paolodik » 11/06/10 18:54

Yes, it's all there; in C: I found ComboFix and not ComboFix.txt, I think it's that one
paolodik
Senior User

Posts: 1381
Joined: 20/09/04 02:02

Re: A strange warning appears!

Post by Luke57 » 11/06/10 23:26

Hi, does the warning still appear? Combofix removed a registry value belonging to the malware.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
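The registry value Luke57 refers to is the one the log lists under the removed orphan keys: an HKCU Run entry starting e.exe from the user's Temp folder, which is the classic sign of an autorun planted by malware. As an added example that is not part of this thread or of ComboFix, the Python helper below pulls the Run-key values and the removed orphan keys out of ComboFix-style log text and flags entries launched from a temp folder; the sample lines are constructed from the log posted above.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's code).
It pulls the values of the Run keys and the removed orphan keys out of the log and
flags entries launched from a temp folder, as the e.exe value in this thread was."""
import re

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:14:04 15360]

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-start 1 - C:\DOCUME~1\Paolo\IMPOST~1\Temp\e.exe
"""

# A legitimate autorun entry almost never starts from a temp folder; the lower-cased
# check also covers the 8.3 short form (IMPOST~1\Temp) that the log uses.
TEMP_HINTS = ("\\temp\\", "\\tmp\\")

# "name"="path" [date size] lines under a [...\Run] key, and the orphan-key lines
# ComboFix prints as KEY-Run-value <n> - path when it removes a dangling entry.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r"^(?P<key>HK\w+-Run-\S+)\s+\S+\s+-\s+(?P<path>.+)$")

def parse_autoruns(log):
    """Return (key, value name, path) for every Run value and removed orphan key."""
    entries, current_key = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append((current_key, m["name"], m["path"]))
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append((m["key"], "(orphan, removed by ComboFix)", m["path"]))
    return entries

def suspicious_reasons(path):
    """Why an autorun path deserves a look; an empty list means nothing stood out."""
    p = path.lower()
    reasons = []
    if any(hint in p for hint in TEMP_HINTS):
        reasons.append("launched from a temp folder")
    if re.fullmatch(r"[a-z0-9]\.exe", p.rsplit("\\", 1)[-1]):
        reasons.append("one-character executable name")
    return reasons

def triage(log):
    """Entries worth checking, each with the reasons it was flagged."""
    flagged = []
    for key, name, path in parse_autoruns(log):
        reasons = suspicious_reasons(path)
        if reasons:
            flagged.append((key, name, path, reasons))
    return flagged
```

Run `triage(SAMPLE_LOG)` and only the e.exe orphan entry comes back, with both reasons attached, while the ctfmon.exe value is left alone.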

Re: A strange warning appears!

Post by paolodik » 11/06/10 23:55

I haven't seen it for a while now
paolodik
Senior User

Posts: 1381
Joined: 20/09/04 02:02
