Logfile of HijackThis v1.99.1
Scan saved at 19.11.32, on 02/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Eset\nod32kui.exe
C:\Documents and Settings\TEMP.UTENTE-A2549874.002\Impostazioni locali\Temp\Spyware Doctor 3.8 Crack-Serial-KeyGen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\TEMP.UTENTE-A2549874.002\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [Services] C:\Documents and Settings\TEMP.UTENTE-A2549874.002\Impostazioni locali\Temp\Spyware Doctor 3.8 Crack-Serial-KeyGen.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Global Startup: Michelangelo USB ADSL Wizard.LNK = C:\Programmi\digicom\Michelangelo USB ADSL\Setup.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0E3F2C0-5F77-46BE-90E6-CDDEE7E7F1A1}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EBD6EC-8205-42A3-B694-0DCF59974409}: NameServer = 212.17.192.49
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winopa32 - C:\WINDOWS\SYSTEM32\winopa32.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Documents and Settings\utente\Documenti\Lele\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Documents and Settings\utente\Documenti\Lele\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe

Edit

Edited by - steven75 on 06/02/2006 20:33:11

Edit


Edited by - steven75 on 06/02/2006 20:34:09

Edit:

Edited by - steven75 on 06/02/2006 20:35:34

Ciao..
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
- Scarica questi programmi (quelli che non hai)che ti serviranno sia adesso
per ripulire il log ma anche in seguito per la pulizia del tuo sistema.
Antispyware e Protezioni
<u><b>Ad-aware</b></u> - <u><b>SpybotS&D</b></u> - <u><b>Spyware Blaster</b></u>-->>http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Antimlware
<u><b>Ewido</b></u>
<b>PS:</b> é shareware ma dopo i 14 gg di prova,smetterà di funzionare solo
la protezione in tempo reale, il programma potrai continuare ad aggiornarlo per fare lo scan del tuo pc.

Pulizia files inutili
<b><u>Ccleaner</u></b>
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1223

Pulizia chiavi di registro obsolete
<b><u>RegSeeker</u></b>
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=93<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>

---

Adesso per il log prova a fare cosi:
-Scarica lo script per riparare la trusted zone
http://www.mvps.org/winhelp2002/DelDomains.inf (---)(tasto destro sul link e salvalo sul desktop)

---

-<b>Disattiva il ripristino di configurazione di sistema</b>, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N
-<b>Riavvia in modalità provvisoria</b>, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=NA
-<b>Assicurati di avere accesso a file e cartelle nascosti</b>
(Pannello di controllo---> Opzioni Cartella ---> Visualizzazione--->metti la spunta su "visualizza file e cartelle nascoste"--->disattiva nascondi file e cartelle di sistema)
-Adesso tasto destro sul file <b>.inf</b> salvato sul desktop e seleziona installa

Ora avvia hijackthis, metti la spunta alle voci che andro ad elencarti e premi su <b>fix checked</b>

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.
O4 - HKLM\..\Run: [Services] C:\Documents and Settings\TEMP.UTENTE-A2549874.002\Impostazioni locali\Temp\Spyware Doctor 3.8 Crack-Serial-KeyGen.exe
O15 - Trusted Zone: www.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBIniti alSetup1.0.0.15.cab
O20 - Winlogon Notify: winopa32 - C:\WINDOWS\SYSTEM32\winopa32.dll

---

Adesso cerca ed elimina:
C:\WINDOWS\SYSTEM32\<b>winopa32.dll</b>

<b>Nota__</b>se i file non compaiono in modalità provvisoria vanno cercati dalla modalità normale

---

-Dai una ripulita ai files inutili,temp etc con Ccleaner
PS:prima di usarlo vai in opzioni--->avanzate e togli la spunta da:
(elimina file solo se piu vecchi di 48 ore)

- Elimina le chiavi di registro ormai inutili con RegSeeker

- Fai una scansione con il tuo antivirus e con i programmi elencati sopra
- Applica le protezioni di spyware blaster

- Ritorna in modalità normale,<b>riattiva il ripristino config.di sistema </b>e posta un log aggiornato.


<b>PS:Scusate il piccolo casino di Edit</b>



Edited by - steven75 on 06/02/2006 20:36:26