Eccomi di nuovo,la mia amica has preso il mio stesso vireus di messangere
potete verifivare la scansione Hijack
ve ne sarei grata!!

Logfile of HijackThis v1.99.1
Scan saved at 18.12.49, on 28/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\CtrlVol.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\newdll.exe
C:\Programmi\ISTsvc\istsvc.exe
C:\WINDOWS\ygluuiy.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\windows\system32\qjiyon.exe
C:\Documents and Settings\Giusy\Dati applicazioni\sgrunt\IE4321.exe
C:\Documents and Settings\Giusy\Internet Optimizer\optimize.exe
C:\Programmi\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\msxct.exe
C:\WINDOWS\system32\aplpq00j.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\newdll.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\File comuni\services.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Giusy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gghqycrdtabf.com/H/IJPjpFK75dYekzPU7zQYeJXlw06ZYmF8zZhzk7xximj/VgFetJIlkU98xHNU5K.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfonditalia.biz?1746
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [stupid memo fork acid] C:\Documents and Settings\All Users\Dati applicazioni\build deaf stupid memo\planbone.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [wO89rg] C:\WINDOWS\ygluuiy.exe
O4 - HKLM\..\Run: [Á_³#
L"h'þ9Óœð3rÅ_WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\ygluuiy.exe
O4 - HKLM\..\Run: [FILE] C:\WINDOWS\abcdefg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitewtv32.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Giusy\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\Giusy\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [aplpq00j] C:\WINDOWS\system32\aplpq00j.exe
O4 - HKLM\..\Run: [gzqicv] c:\windows\system32\qjiyon.exe r
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Stupid Soft] C:\DOCUME~1\Giusy\DATIAP~1\MP3REA~1\Windowmultihtm.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [DNS] C:\Programmi\File comuni\mc-58-12-0000080.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.sfonditalia.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sfonditalia.biz/dialers/1746/AUTO_1746_N.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

GRAZIE MILLE ANKORA

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gghqycrdtabf.com/H/IJPjpFK75dYekzPU7zQYeJXlw06ZYmF8zZhzk7xximj/VgFetJIlkU98xHNU5K.html
-
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfonditalia.biz?1746
-
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
-
O4 - HKLM\..\Run: [stupid memo fork acid] C:\Documents and Settings\All Users\Dati applicazioni\build deaf stupid memo\planbone.exe
-
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [wO89rg] C:\WINDOWS\ygluuiy.exe
O4 - HKLM\..\Run: [Á_³#
L"h'þ9Óœð3rÅ_WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\ygluuiy.exe
O4 - HKLM\..\Run: [FILE] C:\WINDOWS\abcdefg.exe
-
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitewtv32.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Giusy\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\Giusy\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [aplpq00j] C:\WINDOWS\system32\aplpq00j.exe
O4 - HKLM\..\Run: [gzqicv] c:\windows\system32\qjiyon.exe r
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
-
O4 - HKCU\..\Run: [Stupid Soft] C:\DOCUME~1\Giusy\DATIAP~1\MP3REA~1\Windowmultihtm.exe
-
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [DNS] C:\Programmi\File comuni\mc-58-12-0000080.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
-
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
-
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.sfonditalia.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
-
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sfonditalia.biz/dialers/1746/AUTO_1746_N.exe
-
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
-
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
-
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
Nail.exe
newdll.exe
ygluuiy.exe
abcdefg.exe
elitewtv32.exe
optimize.exe
msxct.exe
aplpq00j.exe
qjiyon.exe
Windowmultihtm.exe
mc-58-12-0000080.exe
msnmsgr.exe
svcproc.exe
==================================

ELIMINA LE CARTELLE IN ROSSO
C:\WINDOWS\<font color=red><b>EliteToolBar</font id=red></b>
C:\Documents and Settings\All Users\Dati applicazioni\<font color=red><b>build deaf stupid memo</font id=red></b>
C:\Programmi\<font color=red><b>ISTsvc</font id=red></b>
C:\Documents and Settings\Giusy\Dati applicazioni\<font color=red><b>sgrunt</font id=red></b>
C:\Programmi\<font color=red><b>SideFind</font id=red></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.


Nel sistema non é installarto ne Antivirus ne Firewall, pertanto alcuni problemi potrebbero non essere rimossi, consiglierei di formattare il disco fisso e reinstallare tutto a nuovo.

Antivirus gratuito
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728

Firewall gratuito
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Ricordo che Antivirus e Firewall gratuiti non offrono la massima protezione, appena possibile acquistali in versione completa.

---

Collaboratore Aiutamici