Strane finestre di allerta (Windows XP)

[manu270183]

Ciao a tutti!
E' da un paio di giorni che sul mio pc appaiono strane finestre con titolo "Windows Alert" (o qualcosa del genere) con testo scritto in inglese che dice qualcosa come "Stop! Windows requires immediate attention! E di seguito dice che alcuni file di sistema risultano danneggiati e consiglia di visitare i siti windowsregfix.com e regeditpro.com scaricare gli appositi programmi e riparare i danni, per non incorrere in "data loss and corruption".
Cosa importante è che finora sono apparse solamente mentre c'era e-mule in esecuzione.
Un paio di volte il mio pc si è riavviato automaticamente appena aperto windows xp ma, a parte questo, tutto funziona perfettamente...
Vorrei sapere se qualcuno ha mai riscontrato il mio stesso problema, se è un virus o cosa! Qualcuno mi ha detto che potrebbe essere un sasser o simile ed ho già eseguito gli scan con gli antivirus più adeguati (Norton, Ad-Aware, Stinger...).
Tutto sembra a posto per ora ma ho paura che qualcosa si guasti all'improvviso...
Se qualcuno potesse aiutarmi gli sarei grata.
Grazie mille



post editato, attenzione a postare indirizzi cliccabili e potenzialmente pericolosi. Grazie
amvinfe

[amvinfe]

i messaggi sono simili a questo?

codice:

"Messenger Service
 
Message from CRITICAL to ERROR on mm/gg/aa HH:MM:SS 
 
Microsoft Windows has encounted an Internal Error
Your windows registry is corrupted.
Microsoft recommends a complete system scan.
 
Visit
 
******regeditpro.com
 
To repair now
 
(with an 'ok' button at the bottom)"

penso sia proprio causato da emule.

Vai in questo 3d e segui dal IV° punto
http://forum.html.it/forum/showthrea...hreadid=811189

[manu270183]

Il messaggio è proprio quello!
Grazie, ora provo e poi ti faccio sapere!
Grazie ancora!

[manu270183]

Logfile of HijackThis v1.99.1
Scan saved at 15.59.57, on 19/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
G:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Pinnacle\PCTV Sat\Remote\Remoterm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
G:\INSTAN~1\IWCTRL.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07. exe
C:\WINDOWS\System32\NILaunch.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\VVSN\VVSN.exe
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.ex e
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRoute rRuntime.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\KMaestro\WTS_KEY.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programmi\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Sat\Remote\Remoterm.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IW Controlcenter] g:\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07. exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VVSN] C:\Programmi\VVSN\VVSN.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON CardMonitor.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.ex e
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{64084C46-6842-42B2-BF85-9E37EB34CD43}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - G:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - G:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe



Questo è quello che risulta dalla scansione... ora cosa devo fare?

[amvinfe]

Apri HJT, fai lo scan metti la spunta al fianco dei valori, chiudi tutti i programmi, browser compreso, clicca su Fix chekced:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Riavvia in modalità provvisoria ed elimina

C:\Programmi\Common files\SearchUpgrader \SearchUpgrader.exe <==la cartella

riavvia e con TUTTE le applicazioni chiuse BROWSER COMPRESO fai un nuovo scan con HJT e posta il log.