Aiutamici Forum

Heeelp, CID virus
ChrisMartinGirl
Posted: Sunday, May 04, 2008 6:54:30 PM
Rank: Member

Joined: 6/26/2005
Posts: 4
Please help me, I beg you. These pages that open all at the same time, slowing everything down and freezing everything, are advertising,
and it keeps going, it never stops..... I've tried various kinds of spyware tools but nothing, they don't remove this damn CID :(
Here is the HijackThis scan

Logfile of HijackThis v1.99.1
Scan saved at 18.47.52, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
F:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Netscape\Navigator 9\navigator.exe
C:\Documents and Settings\Ida\Documenti\My Albums\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O3 - Toolbar: PopThis! Pop-Up Blocker - {1C7D7C4D-945C-4BB7-B1B9-B25F0A967710} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [del temp] C:\deltemp.bat
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Last.fm Helper.lnk = F:\Programmi\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe


thanks in advance, as always
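An added triage example (my code, not the forum's or HijackThis's): it parses the O2 and O4 lines of a HijackThis 1.99.1 log like the one above and flags the patterns a log reader looks for on this page: autoruns launched from a user data folder (`Dati applicazioni` / `DATIAP~1`), entries whose name is a run of words unrelated to the executable they launch, and BHOs registered with no name. The folder list and the three-word threshold are assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Reason codes attached to flagged entries.
USER_DATA_DIR = "executable lives under a user data folder"
RANDOM_WORDS = "entry name is a run of words unrelated to the executable"
UNNAMED_BHO = "BHO registered without a display name"
MISSING_FILE = "registered file is missing (orphaned entry)"

# Line shapes as printed by HijackThis 1.99.1 (O2 = BHO, O4 = autorun).
_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
_O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# Unquoted command line: keep everything up to the first executable extension.
_EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|bat|cmd|com|scr|pif|dll|ocx))(?:\s.*)?$", re.IGNORECASE)

# Folder fragments that legitimate autoruns rarely use (assumed list: Italian and
# English XP names plus the 8.3 short form seen in the posted log).
_USER_DATA_DIRS = (
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\datiap~1\\",
    "\\local settings\\temp\\",
)


@dataclass
class Finding:
    kind: str            # HijackThis section, e.g. "O2" or "O4"
    name: str            # display name of the entry
    path: str            # file the entry points at
    reasons: list = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the program path from an autorun command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXE_RE.match(cmd)
    return m.group("path") if m else cmd


def looks_like_random_words(name: str, path: str) -> bool:
    """Three or more alphabetic words, none of which occur in the file name (assumed threshold)."""
    words = name.split()
    if len(words) < 3 or not all(w.isalpha() for w in words):
        return False
    filename = path.rsplit("\\", 1)[-1].lower()
    return not any(w.lower() in filename for w in words)


def triage_line(line: str):
    """Parse one log line; return a Finding when a heuristic fires, else None."""
    line = line.strip()
    m = _O2_RE.match(line)
    if m:
        f = Finding("O2", m["name"], m["path"])
        if m["name"] == "(no name)":
            f.reasons.append(UNNAMED_BHO)
        if m["path"] == "(no file)":
            f.reasons.append(MISSING_FILE)
        return f if f.reasons else None
    m = _O4_RUN_RE.match(line) or _O4_STARTUP_RE.match(line)
    if m:
        path = executable_path(m["cmd"])
        f = Finding("O4", m["name"], path)
        if any(d in path.lower() for d in _USER_DATA_DIRS):
            f.reasons.append(USER_DATA_DIR)
        if looks_like_random_words(m["name"], path):
            f.reasons.append(RANDOM_WORDS)
        return f if f.reasons else None
    return None


def triage(lines):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in lines) if f]


# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Last.fm Helper.lnk = F:\Programmi\Last.fm\LastFMHelper.exe
"""

FINDINGS = triage(SAMPLE_LOG.strip().splitlines())

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f.kind} [{f.name}] {f.path}\n    -> {'; '.join(f.reasons)}")
```

On the sample above the two entries it flags under a user data folder are exactly the `blueweb` and `Meal Memo Free View` files that the later Norman and ComboFix logs in this thread tie to W32/Lop.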
r16
Posted: Sunday, May 04, 2008 8:43:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Disable System Restore http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner must be run IN SAFE MODE.

Start it
accept the license
click Start Scan
wait for the scan to finish
A log is generated on the desktop; post it here.
Reboot the PC.

Disable your antivirus.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC and to wait patiently for it to finish.
Post a new HijackThis log, here as well.
ComboFix does not work in safe mode



ChrisMartinGirl
Posted: Sunday, May 04, 2008 11:47:25 PM
Rank: Member

Joined: 6/26/2005
Posts: 4
So I went into safe mode and scanned with Norman Malware Cleaner, but at a certain point it freezes and doesn't go any further.
I'm posting the log as far as it got

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/29 19:17:00

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/29 19:17:00, Variants: 1600559

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode with network) Service Pack 2
Logged on user: IDA-8E4F11DEE23\Ida

Removed hosts entry: 127.0.0.1 bin.errorprotector.com
Removed hosts entry: 127.0.0.1 br.errorsafe.com
Removed hosts entry: 127.0.0.1 br.winantivirus.com
Removed hosts entry: 127.0.0.1 br.winfixer.com
Removed hosts entry: 127.0.0.1 cdn.drivecleaner.com
Removed hosts entry: 127.0.0.1 cdn.errorsafe.com
Removed hosts entry: 127.0.0.1 cdn.winsoftware.com
Removed hosts entry: 127.0.0.1 de.errorsafe.com
Removed hosts entry: 127.0.0.1 de.winantivirus.com
Removed hosts entry: 127.0.0.1 download.cdn.drivecleaner.com
Removed hosts entry: 127.0.0.1 download.cdn.errorsafe.com
Removed hosts entry: 127.0.0.1 download.cdn.winsoftware.com
Removed hosts entry: 127.0.0.1 download.errorsafe.com
Removed hosts entry: 127.0.0.1 download.systemdoctor.com
Removed hosts entry: 127.0.0.1 download.winantispyware.com
Removed hosts entry: 127.0.0.1 download.windrivecleaner.com
Removed hosts entry: 127.0.0.1 download.winfixer.com
Removed hosts entry: 127.0.0.1 drivecleaner.com
Removed hosts entry: 127.0.0.1 dynamique.drivecleaner.com
Removed hosts entry: 127.0.0.1 errorprotector.com
Removed hosts entry: 127.0.0.1 errorsafe.com
Removed hosts entry: 127.0.0.1 es.winantivirus.com
Removed hosts entry: 127.0.0.1 fr.winantivirus.com
Removed hosts entry: 127.0.0.1 fr.winfixer.com
Removed hosts entry: 127.0.0.1 go.drivecleaner.com
Removed hosts entry: 127.0.0.1 go.errorsafe.com
Removed hosts entry: 127.0.0.1 go.winantispyware.com
Removed hosts entry: 127.0.0.1 go.winantivirus.com
Removed hosts entry: 127.0.0.1 hk.winantivirus.com
Removed hosts entry: 127.0.0.1 instlog.errorsafe.com
Removed hosts entry: 127.0.0.1 instlog.winantivirus.com
Removed hosts entry: 127.0.0.1 instlog.winfixer.com
Removed hosts entry: 127.0.0.1 jsp.drivecleaner.com
Removed hosts entry: 127.0.0.1 kb.errorsafe.com
Removed hosts entry: 127.0.0.1 kb.winantivirus.com
Removed hosts entry: 127.0.0.1 nl.errorsafe.com
Removed hosts entry: 127.0.0.1 se.errorsafe.com
Removed hosts entry: 127.0.0.1 secure.drivecleaner.com
Removed hosts entry: 127.0.0.1 secure.errorsafe.com
Removed hosts entry: 127.0.0.1 secure.winantispam.com
Removed hosts entry: 127.0.0.1 secure.winantispy.com
Removed hosts entry: 127.0.0.1 secure.winantivirus.com
Removed hosts entry: 127.0.0.1 support.winantivirus.com
Removed hosts entry: 127.0.0.1 trial.updates.winsoftware.com
Removed hosts entry: 127.0.0.1 ulog.winantivirus.com
Removed hosts entry: 127.0.0.1 utils.errorsafe.com
Removed hosts entry: 127.0.0.1 utils.winantivirus.com
Removed hosts entry: 127.0.0.1 utils.winfixer.com
Removed hosts entry: 127.0.0.1 winantispyware.com
Removed hosts entry: 127.0.0.1 winantivirus.com
Removed hosts entry: 127.0.0.1 winfixer.com
Removed hosts entry: 127.0.0.1 winfixer2006.com
Removed hosts entry: 127.0.0.1 winsoftware.com
Removed hosts entry: 127.0.0.1 www.drivecleaner.com
Removed hosts entry: 127.0.0.1 www.errorprotector.com
Removed hosts entry: 127.0.0.1 www.errorsafe.com
Removed hosts entry: 127.0.0.1 www.systemdoctor.com
Removed hosts entry: 127.0.0.1 www.utils.winfixer.com
Removed hosts entry: 127.0.0.1 www.win-anti-virus-pro.com
Removed hosts entry: 127.0.0.1 www.win-virus-pro.com
Removed hosts entry: 127.0.0.1 www.winantispam.com
Removed hosts entry: 127.0.0.1 www.winantispy.com
Removed hosts entry: 127.0.0.1 www.winantispyware.com
Removed hosts entry: 127.0.0.1 www.winantivirus.com
Removed hosts entry: 127.0.0.1 www.winantiviruspro.com
Removed hosts entry: 127.0.0.1 www.windrivecleaner.com
Removed hosts entry: 127.0.0.1 www.windrivesafe.com
Removed hosts entry: 127.0.0.1 www.winfixer.com
Removed hosts entry: 127.0.0.1 www.winfixer2006.com
Removed hosts entry: 127.0.0.1 www.winsoftware.com

Scan started: 04/05/2008 22:33:44


Scanning running processes and process memory...

Number of processes/threads found: 671
Number of processes/threads scanned: 670
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 16s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Ida\Dati applicazioni\blueweb\sdxgsdqy.exe (Infected with W32/Lop.GFR)
Deleted file

C:\Documents and Settings\Ida\Documenti\Incoming\Klaus Doldinger - 1984. The Neverending Story (Soundtrack).rar/RR (Error whilst scanning file: I/O Error)



Then I ran ComboFix in normal mode; here is the log

ComboFix 08-05-01.3 - Ida 2008-05-04 23.31.08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.175 [GMT 2:00]
Eseguito da: F:\File ricevuti\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\#SharedObjects\JZ7GATZM\iforex.com
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\#SharedObjects\JZ7GATZM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Ida\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

.
((((((((((((((((((((((((( Files Creati Da 2008-04-04 al 2008-05-04 )))))))))))))))))))))))))))))))))))
.

2008-05-04 23:36 . 2008-05-04 23:36 53,248 --a------ C:\Temp\catchme.dll
2008-05-04 23:25 . 2008-05-04 23:25 16,384 --a----t- C:\Temp\Perflib_Perfdata_454.dat
2008-05-04 14:46 . 2008-03-13 23:18 888 --a------ C:\WINDOWS\win.tmp
2008-05-04 14:46 . 2008-05-04 23:36 255 --a------ C:\WINDOWS\system.tmp
2008-05-04 14:43 . 2008-05-04 19:01 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-05-04 14:43 . 2008-05-04 14:43 <DIR> d-------- C:\Documents and Settings\Ida\Dati applicazioni\PC Tools
2008-05-04 14:43 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-05-04 14:43 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-05-04 12:37 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-04 12:32 . 2008-05-04 12:32 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-04-28 21:22 . 2008-04-28 21:23 <DIR> d-------- C:\Programmi\Avanquest update
2008-04-28 21:20 . 2008-04-28 21:31 <DIR> d-------- C:\Programmi\Motorola Phone Tools
2008-04-17 22:11 . 2008-04-17 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-04-15 15:55 . 2001-12-27 06:27 638,976 --a------ C:\WINDOWS\system32\cdwriterxp.ocx
2008-04-15 15:55 . 2004-07-29 22:53 593,920 --a------ C:\WINDOWS\system32\CommandBars.ocx
2008-04-15 15:55 . 2004-05-09 23:07 364,544 --a------ C:\WINDOWS\system32\AudioGeniePro.ocx
2008-04-15 15:55 . 2004-07-29 22:55 290,816 --a------ C:\WINDOWS\system32\SuiteCtrls.ocx
2008-04-15 15:55 . 2001-10-29 10:00 241,664 --a------ C:\WINDOWS\system32\ctlist.ocx
2008-04-15 15:55 . 1998-09-18 16:17 76,288 --a------ C:\WINDOWS\system32\CIHTTP.OCX
2008-04-15 15:55 . 2001-08-23 12:00 5,532 --a------ C:\WINDOWS\system32\Stdole.tlb
2008-04-15 13:51 . 2008-04-26 13:59 <DIR> d-------- C:\Programmi\AudioStreamer
2008-04-15 12:36 . 2008-04-15 13:42 <DIR> d-------- C:\Documents and Settings\Ida\Dati applicazioni\concept design
2008-04-15 12:36 . 2006-05-21 16:15 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-04-15 12:36 . 2006-05-21 16:15 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-04-15 12:36 . 2006-05-21 16:15 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-04-15 12:36 . 2006-05-21 16:15 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-04-12 11:52 . 2008-05-01 00:46 50 --a------ C:\plug_in.ini
2008-04-11 21:16 . 2008-05-01 00:35 <DIR> d-------- C:\Programmi\VirtualDJ
2008-04-10 08:39 . 2008-04-10 08:39 <DIR> d-------- C:\e6d168609584efca7c8b3f32e1503e
2008-04-08 21:24 . 2008-04-17 22:08 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-04-06 20:37 . 2008-04-06 20:37 <DIR> d-------- C:\Programmi\File comuni\xing shared
2008-04-06 20:36 . 2008-04-06 20:36 <DIR> d-------- C:\Programmi\Real
2008-04-06 20:36 . 2008-04-06 20:37 <DIR> d-------- C:\Programmi\File comuni\Real
2008-04-06 19:00 . 2008-04-06 19:00 <DIR> d-------- C:\Programmi\File comuni\Stardock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 20:34 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\blueweb
2008-05-04 20:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-04 10:41 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-04 09:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-28 19:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-04-28 19:22 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 19:20 92,064 ----a-w C:\Documents and Settings\Ida\mqdmmdm.sys
2008-04-28 19:20 9,232 ----a-w C:\Documents and Settings\Ida\mqdmmdfl.sys
2008-04-28 19:20 79,328 ----a-w C:\Documents and Settings\Ida\mqdmserd.sys
2008-04-28 19:20 66,656 ----a-w C:\Documents and Settings\Ida\mqdmbus.sys
2008-04-28 19:20 6,208 ----a-w C:\Documents and Settings\Ida\mqdmcmnt.sys
2008-04-28 19:20 5,936 ----a-w C:\Documents and Settings\Ida\mqdmwhnt.sys
2008-04-28 19:20 4,048 ----a-w C:\Documents and Settings\Ida\mqdmcr.sys
2008-04-28 19:20 25,600 ----a-w C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-04-28 19:20 25,600 ----a-w C:\Documents and Settings\Ida\usbsermptxp.sys
2008-04-28 19:20 22,768 ----a-w C:\Documents and Settings\Ida\usbsermpt.sys
2008-04-26 13:59 --------- d-----w C:\Programmi\Stardock
2008-04-18 17:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-17 20:49 --------- d-----w C:\Programmi\IEDP2
2008-04-13 08:29 --------- d-----w C:\Programmi\Winamp
2008-04-13 08:29 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\Winamp
2008-04-07 21:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-07 18:40 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\BearShare
2008-04-06 18:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-06 18:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-27 22:10 --------- d-----w C:\Programmi\MixSense
2008-03-27 22:07 --------- d-----w C:\Programmi\Steinberg
2008-03-25 20:31 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-03-25 19:42 --------- d-----w C:\Programmi\Advanced Sound Recorder
2008-03-22 11:22 --------- d-----w C:\Programmi\MSN Messenger
2008-03-22 11:22 --------- d-----w C:\Programmi\MessengerDiscovery
2008-03-20 21:24 --------- d-----w C:\Documents and Settings\Ida\Dati applicazioni\Axialis
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 20:13 --------- d-----w C:\Programmi\Java
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:01 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-13 15:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2003-04-21 20:49 679,424 ----a-w C:\Programmi\File comuni\msxml4sys32.msm
2003-04-21 20:49 669,184 ----a-w C:\Programmi\File comuni\msxml4sxs32.msm
2003-04-21 20:49 3,433,472 ----a-w C:\Programmi\File comuni\xmlsdkdoc.msm
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFD5A555-2E1A-4AAA-897A-14229131F102}]
2007-10-07 19:22 27538 --a------ C:\WINDOWS\system32\mfc42u32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1C7D7C4D-945C-4BB7-B1B9-B25F0A967710}"= "C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll" [2004-02-06 11:54 188416]

[HKEY_CLASSES_ROOT\clsid\{1c7d7c4d-945c-4bb7-b1b9-b25f0a967710}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis.1]
[HKEY_CLASSES_ROOT\TypeLib\{1A860BE9-9664-400F-AADA-ACFD1C61346A}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"del temp"="C:\deltemp.bat" [2006-08-07 03:09 48]
"DAEMON Tools"="F:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"magslog"="C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe" [ ]
"Spyware Doctor"="C:\Programmi\Spyware Doctor\swdoctor.exe" [2006-09-06 15:41 2128016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 22:34 262401]
"AtiPTA"="atiptaxx.exe" [2002-07-26 04:04 290816 C:\WINDOWS\system32\atiptaxx.exe]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2001-12-17 21:22 617984]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"FREE VIEW GRIM SOAP"="C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe" [ ]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-06 20:36 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Spyware Doctor"="C:\Programmi\Spyware Doctor\swdoctor.exe" [2006-09-06 15:41 2128016]

C:\Documents and Settings\Ida\Menu Avvio\Programmi\Esecuzione automatica\
Last.fm Helper.lnk - F:\Programmi\Last.fm\LastFMHelper.exe [2007-10-28 22:04:28 106496]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"F:\\Programmi\\BearShare\\BearShare.exe"=
"F:\\Programmi\\Emule\\eMule_AdnzA.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"F:\\Programmi\\Last.fm\\LastFM.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22754:TCP"= 22754:TCP:BitComet 22754 TCP
"22754:UDP"= 22754:UDP:BitComet 22754 UDP

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:39]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys []
S3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-26 09:17:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 20:00:00 C:\WINDOWS\Tasks\B18F42249248EFA4.job"
- c:\docume~1\ida\datiap~1\blueweb\firstacethis.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 23:36:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\Temp\mc21.tmp"
.
Ora fine scansione: 2008-05-04 23.40.15
ComboFix-quarantined-files.txt 2008-05-04 21:39:09

12 Directory 18,334,240,768 byte disponibili
16 Directory 18,371,801,088 byte disponibili

180 --- E O F --- 2008-05-04 09:07:34



Finally, the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 23.46.57, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
F:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ida\Documenti\My Albums\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O3 - Toolbar: PopThis! Pop-Up Blocker - {1C7D7C4D-945C-4BB7-B1B9-B25F0A967710} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [del temp] C:\deltemp.bat
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Last.fm Helper.lnk = F:\Programmi\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe


r16
Posted: Monday, May 05, 2008 8:48:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Disable System Restore http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I list below and, with all applications closed and the Internet disconnected, press Fix checked
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll

Find and delete the files in red:
C:\WINDOWS\system32\mfc42u32.dll
C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll (delete the folder)

Download VirIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish icon at the top) and run it in Safe Mode (this is very important).

Download Spybot from here http://www.aiutaamici.com/software?ID=10831 and run a scan, again in Safe Mode.

Do a clean-up (registry included) with this http://www.aiutaamici.com/software?ID=11223

Restart the computer.
Run an online scan with this: http://housecall.trendmicro.com/it/
Run another scan in Safe Mode with Norman Malware Cleaner
And give me good news.
Bye.
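An added example, not part of r16's reply or of HijackThis itself: a short Python script that encodes the triage behind the four entries r16 picked out of the log, so the same reasoning can be reapplied to another log. It parses the `Oxx` lines, pulls out the value name and the executable path, and flags two things: browser add-ons (O2/O3/O9) registered as `(no name)`, and O4 autorun binaries that live under a user profile or application-data directory (the Italian XP folder names and their 8.3 short forms are included). The unknown Winsock LSP (O10) is reported for review only, since Bonjour's `mdnsnsp.dll` is an Apple component installed under Program Files. The rule set and the `USER_DATA_MARKERS` list are the editor's own heuristics, not anything HijackThis does; the sample lines are copied from the log above.

```python
"""Triage a HijackThis (v1.99) log: parse the O-section entries and flag the
ones a responder should look at first.  Added example, not code from the
forum post or from HijackThis; the rules below are the editor's heuristics."""
import re
from dataclasses import dataclass

# Constructed input: a subset of the entries from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CFD5A555-2E1A-4AAA-897A-14229131F102} - C:\WINDOWS\system32\mfc42u32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FREE VIEW GRIM SOAP] C:\Documents and Settings\All Users\Dati applicazioni\Meal Memo Free View\face bolt.exe
O4 - HKCU\..\Run: [del temp] C:\deltemp.bat
O4 - HKCU\..\Run: [magslog] C:\DOCUME~1\Ida\DATIAP~1\blueweb\roadgrid.exe
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Programmi\SurfApps.com\PopThis! Pro\PopThisPro.dll
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path ending in an executable/library extension.  The lookahead
# insists on a quote, whitespace or end of line after the extension, so a
# directory such as "SurfApps.com" does not terminate the match early.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|bat|cpl|scr|ocx))(?=["\s]|$)', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[([^\]]*)\]")          # O4 Run value name in [...]

# Directory markers (Italian XP names and 8.3 short forms) under which a
# legitimate autorun binary rarely lives.  Editor's heuristic, not an HJT rule.
USER_DATA_MARKERS = ("documents and settings", "docume~1", "dati applicazioni",
                     "application data", "datiap~1", "\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    section: str   # "O2", "O4", ...
    name: str      # display name / Run value name
    path: str      # executable or DLL path, "" if none found
    raw: str       # the original log line


@dataclass
class Finding:
    entry: Entry
    severity: str  # "fix" (tick in HijackThis) or "review" (confirm vendor first)
    reasons: list


def parse_entry(line):
    """Return an Entry for one 'Oxx - ...' line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    pm = PATH_RE.search(rest)
    path = pm.group(1) if pm else ""
    nm = RUN_NAME_RE.search(rest)
    if nm:                                   # O4 - HKLM\..\Run: [name] command
        name = nm.group(1)
    else:                                    # "<kind>: <name> - {CLSID} - <path>"
        after = rest.split(": ", 1)[1] if ": " in rest else rest
        name = after.split(" - ", 1)[0]
    return Entry(section, name.strip(), path, line.strip())


def triage(log_text):
    """Apply the rules to every entry and return the Findings in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons, severity = [], "fix"
        if e.section in ("O2", "O3", "O9") and e.name == "(no name)":
            reasons.append("browser add-on registered without a display name")
        if e.section == "O4" and any(mk in e.path.lower() for mk in USER_DATA_MARKERS):
            reasons.append("autorun binary lives under a user or application-data directory")
        if e.section == "O10":
            severity = "review"
            reasons.append("Winsock LSP unknown to HijackThis: confirm the vendor before removing")
        if reasons:
            findings.append(Finding(e, severity, reasons))
    return findings


def hjt_fix_lines(findings):
    """Log lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f.entry.raw for f in findings if f.severity == "fix"]


def files_to_delete(findings):
    """Files to remove by hand afterwards: the fix drops the registry entry, not the file."""
    return sorted({f.entry.path for f in findings if f.severity == "fix" and f.entry.path})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.entry.section} {f.entry.name!r} -> {f.entry.path}")
        for r in f.reasons:
            print("        " + r)
    print("\nTick in HijackThis:", *hjt_fix_lines(found), sep="\n  ")
    print("\nDelete by hand:", *files_to_delete(found), sep="\n  ")
```

Run as is, the script reports the same four entries r16 listed for Fix checked (the unnamed BHO, the two autoruns under application-data folders, and the unnamed PopThis! button) and leaves the Avira, Java, Spyware Doctor and `deltemp.bat` entries alone; the Bonjour LSP comes out as "review" rather than "fix". The separate file list exists because HijackThis only removes the registry reference, which is why the reply goes on to name the files to delete by hand.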



