E' una pop up che compare sul mio computer e trova origine nell'area di notifica. Come si fa per eliminarla?

Ciao paolo ,
parli di questo ?
<img src="http://img47.imageshack.us/img47/8437/yourcomputerisinfectedaa6.jpg" border=0>

allora vai in questa pagina e utilizza smitfraudfix-> http://steven.altervista.org/files/tools.html

PS__alla fine postaci sial il log smitfraud e sia quello di hijackthis

Edited by - steven75 on 07/22/2006 20:44:18

Grazie del suggerimento, ho risolto il problema.

Logfile of HijackThis v1.97.7
Scan saved at 21.58.17, on 22/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDO33\System32\smss.exe
C:\WINDO33\system32\winlogon.exe
C:\WINDO33\system32\services.exe
C:\WINDO33\system32\lsass.exe
C:\WINDO33\system32\svchost.exe
C:\WINDO33\System32\svchost.exe
C:\WINDO33\system32\spoolsv.exe
C:\WINDO33\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
D:\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O1 - Hosts: 213.212.82.185 www.globet.com
O1 - Hosts: 213.212.72.122 enigma.globet.co.uk
O1 - Hosts: 213.212.82.180 www.globetgames.com
O1 - Hosts: 213.212.72.119 livehelp.globet.com
O1 - Hosts: 213.212.72.116 www.fulltimescore.com
O1 - Hosts: 195.244.199.72 www.globetcasino.com
O1 - Hosts: 195.244.199.73 auth.globetcasino.com
O1 - Hosts: 195.244.199.75 www.globetvip.com
O1 - Hosts: 213.212.82.184 www.globet.tv
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1DE38CF5-DC2A-B997-A62B-9F525ABD7E6A} - C:\WINDO33\nhlbx1.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70


mitFraudFix v2.74

Scan done at 21.47.35,79, 22/07/2006
Run from D:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDO33\System32\yephk.dll ->
C:\WINDO33\System32\yephk.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDO33\system32\ishost.exe Deleted
C:\WINDO33\system32\ismon.exe Deleted
C:\WINDO33\system32\isnotify.exe Deleted
C:\WINDO33\system32\components\flx?.dll Deleted
C:\Programmi\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Il log hijackthis è intero e in modalità normale... ti meravigli perché c'è poca roba, vero?

Hai sicuramente ragione, ma che vuoi, nel tentare di risolvere il problema da solo, avrò cancellato alcune chiavi...<img src=icon_smile.gif border=0 align=middle>

Ciao Steven,
questo è log hijackthis completo; ti preciso che sono un neo iscritto al sito e sono molto soddisfatto, avendo in questo modo risolto già un paio di problemi. Non credevo di ottenere questi ottimi risultati. Prima dell’iscrizione ho cercato di risolvere alla modo mio. Tu piuttosto come fai a sapere tutte queste cose? E secondo te, quali sono i migliori programmi per proteggermi da “visite indiscrete”?

Logfile of HijackThis v1.97.7
Scan saved at 12.44.57, on 24/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDO33\System32\smss.exe
C:\WINDO33\system32\winlogon.exe
C:\WINDO33\system32\services.exe
C:\WINDO33\system32\lsass.exe
C:\WINDO33\system32\svchost.exe
C:\WINDO33\System32\svchost.exe
C:\WINDO33\system32\spoolsv.exe
C:\WINDO33\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDO33\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O1 - Hosts: 213.212.82.185 www.globet.com
O1 - Hosts: 213.212.72.122 enigma.globet.co.uk
O1 - Hosts: 213.212.82.180 www.globetgames.com
O1 - Hosts: 213.212.72.119 livehelp.globet.com
O1 - Hosts: 213.212.72.116 www.fulltimescore.com
O1 - Hosts: 195.244.199.72 www.globetcasino.com
O1 - Hosts: 195.244.199.73 auth.globetcasino.com
O1 - Hosts: 195.244.199.75 www.globetvip.com
O1 - Hosts: 213.212.82.184 www.globet.tv
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1DE38CF5-DC2A-B997-A62B-9F525ABD7E6A} - C:\WINDO33\nhlbx1.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

Il LOG è COMPLETISSIMO...
PER FAVORE... NON DITE PIù CHE IL LOG NON è COMPLETO... in totale sono 22 righe!!! Da R0 a O9

Ma io il log lo copio e l'incollo interamente... hijackthis l'ho lanciato e rilanciato, ma il log esce sempre uguale. Ora ho scaricato la versione di hijackthis proposta su questo sito e ripropongo il log.
Ti ripeto che, forse, erroneamente ho cancellato io alcune voci dopo la scansione.

Logfile of HijackThis v1.99.1
Scan saved at 16.47.52, on 24/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDO33\System32\smss.exe
C:\WINDO33\system32\winlogon.exe
C:\WINDO33\system32\services.exe
C:\WINDO33\system32\lsass.exe
C:\WINDO33\system32\svchost.exe
C:\WINDO33\System32\svchost.exe
C:\WINDO33\system32\spoolsv.exe
C:\WINDO33\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDO33\System32\wuauclt.exe
C:\Programmi\FlashGet\flashget.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe
C:\WINDO33\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - Default URLSearchHook is missing
O1 - Hosts: 213.212.82.185 www.globet.com
O1 - Hosts: 213.212.72.122 enigma.globet.co.uk
O1 - Hosts: 213.212.82.180 www.globetgames.com
O1 - Hosts: 213.212.72.119 livehelp.globet.com
O1 - Hosts: 213.212.72.116 www.fulltimescore.com
O1 - Hosts: 195.244.199.72 www.globetcasino.com
O1 - Hosts: 195.244.199.73 auth.globetcasino.com
O1 - Hosts: 195.244.199.75 www.globetvip.com
O1 - Hosts: 213.212.82.184 www.globet.tv
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {1DE38CF5-DC2A-B997-A62B-9F525ABD7E6A} - C:\WINDO33\nhlbx1.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70