MegaLab.it

Inviato: **dom dic 31, 2006 1:47 am**

ciao a tutti,
uno dialer rompiscatole si e' introdotto nel mio pc facendomi apparire pup-up che sponsorizzano antivirus,
ecco il log della scansione fatto con hijackthis, sapete dirmi come liberarmene?grazie.

Logfile of HijackThis v1.99.1
Scan saved at 0.43.05, on 31/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ismini.exe
C:\Programmi\MYIE2\MyIE.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
C:\Documents and Settings\luca\Impostazioni locali\Temp\Directory temporanea 4 per hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcupdmgr.exe] c:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe -regserver
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Inviato: **dom dic 31, 2006 9:43 am**

secondo http://www.hijackthis.de/it

hai diverse cose sospette,ma prima di cancellare alcune righe aspetta altri interventi..intanto dai un'occhiata tu stesso

Inviato: **dom dic 31, 2006 10:01 am**

Nonostante due antivirus, qualcosa è passato.

Da eliminare questi e speriamo che bastino.
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\ismini.exe
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll

Usa unlocker per i singoli file e poi cancella le righe con hijackthis.

Inviato: **dom dic 31, 2006 3:27 pm**

Se ho ben capito ti appaiono degli pop-up nella tray bar che invitano a scaricare l'antivirus?
In tal caso non sarà sufficiente eliminare quei file, leggi questo topic su come risolvere il problema.

Inviato: **dom dic 31, 2006 3:39 pm**

crazy.cat,purtroppo i due antivirus l'ho installati dopo che le porcherie entrassero,ero in fase di reinstallo del SO, e stupidamente sono andato a navigare...nudo!....si, Amantide, e' cosi in effetti,adesso leggo il topic...

Inviato: **dom dic 31, 2006 3:51 pm**

ho pulito con Roquescanfix, e questo e' il risultato:

Logfile of HijackThis v1.99.1
Scan saved at 14.51.43, on 31/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\AVPersonal\AVGNT.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\MYIE2\MyIE.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\luca\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Inviato: **dom dic 31, 2006 4:27 pm**

Quello che si vedeva è sparito, hai ancora problemi?

Inviato: **dom dic 31, 2006 8:30 pm**

No, non e' piu' capitato, tutto debellato sembra... [applauso+]

thanks to you all!

MegaLab.it

dialer rompiscatole

dialer rompiscatole

Re: dialer rompiscatole