pop up indesiderate.

[felice211]

scusatemi ma le ho provate tutte:

il problema rimane quelle pop up indesiderate e il triangolo giallo con all'interno il punto esclamativo (!) che si posiziona sotto la barra delle applicazione vicino all'orologio.

a) Sistema operativo: Windows XP prof.;
b) Problema riscontrato: pop up che arrivano e il triangolo giallo con all'interno il punto esclamativo (!) che si posiziona sotto la barra delle applicazione vicino all'orologio.
c) Operazioni effettuate: Ewido, Ad-Aware, SpyBot search and destroy. CWShredder, oltre a Kaspersky Anti-Virus on line.
d) Questo è il log generato da HJT:


Logfile of HijackThis v1.99.1
Scan saved at 18.29.29, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\anvshell.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.html.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5202C10E-4590-448A-9ABD-48604FA2468E}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Apache2 - Unknown owner - C:\Programmi\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Ciao e grazie

[andorra24]

Ciao, scarica SmitFraudfix e decomprimilo in una cartella a tua scelta estraendo tutti i file:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Riavvia in modalità provvisoria

Apri la cartella che contiene SmitfraudFix avvia smitfraudfix.cmd
Seleziona opzione #2 - Clean cliccando sul 2 e premi Invio.
Riceverai questo messaggio: Registry cleaning - Do you want to clean the registry ?
Rispondi Sì cliccando Y e premi invio.
Rispondi Sì (Y) ad eventuali altre domande

eseguita tutta la scansione dopo il riavvio del pc posta sul forum il rapporto del programma.

[felice211]

Questo il rapporto:

SmitFraudFix v2.73

Scan done at 19.24.56,39, 17/07/2006
Run from C:\Documents and Settings\felix\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[andorra24]

Posta un nuovo log di hijackthis.

[felice211]

eccolo!
Anche se mi sembre sia uguale a quello di prima

SmitFraudFix v2.73

Scan done at 21.38.11,01, 17/07/2006
Run from C:\Documents and Settings\felix\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[andorra24]

Ti ho chiesto un nuovo log di hijackthis, non quello di smitfraudfix.

[felice211]

Scusami, ma questa situazione mi sta facendo perdere i lumi


Logfile of HijackThis v1.99.1
Scan saved at 22.03.10, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\anvshell.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.html.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 127.0.0.2 fpavellino
O1 - Hosts: 127.0.0.3 amorepersempre
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5202C10E-4590-448A-9ABD-48604FA2468E}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Apache2 - Unknown owner - C:\Programmi\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

[andorra24]

Smitfraudfix ti ha eliminato un po' di roba, credo che adesso la situazione dovrebbe essere migliorata. Con hijackthis fixa queste 2 voci se non le conosci:
O1 - Hosts: 127.0.0.2 fpavellino
O1 - Hosts: 127.0.0.3 amorepersempre

[felice211]

Infatti credo che la situazione sia stata risolta, infatti da alcune ore non mi arrivano più quelle fastidiose pop up.
Le due voci sono dei siti che ho in locale nel file host per fare delle prove in locale.

Ciao sei stato prezzzzzzziosisssssssimo.

[andorra24]

Originariamente inviato da felice211

Ciao sei statA prezzzzzzziosisssssssimA.

Lieta di esserti stata d'aiuto.