Please Help Me...

[ruggiwlaraza]

Hi...i show you my problem...


Deckard's System Scanner v20070426.43
Run by ADMIN on 2007-05-04 at 22:48:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-05-04 20:48:12 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as ADMIN.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22.51.19, on 04/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cica.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programmi\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 AresChatServer (Ares Chatroom server) - c:\programmi\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-04 21:43:16 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-04-27 20:00:00 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - ADMIN.job


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2007-05-04 22:40:38 0 d-------- C:\Programmi\SpywareBlaster
2007-05-04 22:14:48 0 d-------- C:\cb8364be270f42e8cb8e6838
2007-05-04 22:09:57 21504 --a------ C:\WINDOWS\system32\cica.dll <Not Verified; ; URL Changer Module>
2007-05-01 21:09:47 284160 --a------ C:\WINDOWS\unin0410.exe
2007-04-30 22:35:25 0 d-------- C:\Programmi\Alcohol Soft
2007-04-30 22:26:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-30 22:15:44 0 d-------- C:\Programmi\TrustIn Contextual
2007-04-29 18:49:41 0 d-------- C:\Programmi\MSXML 4.0
2007-04-29 18:16:12 0 d-------- C:\Programmi\Windows Defender
2007-04-29 16:48:55 0 d-------- C:\Programmi\Samsung
2007-04-29 16:48:55 0 d-------- C:\Hermes
2007-04-29 16:48:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
2007-04-26 23:34:48 0 d-------- C:\Programmi\Lavasoft
2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-04-26 15:49:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-04-26 15:49:39 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:39 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:38 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-04-26 15:49:37 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-04-26 15:49:31 0 d-------- C:\Programmi\File comuni\Ahead
2007-04-26 15:49:30 0 d-------- C:\Programmi\Ahead
2007-04-25 09:40:12 20992 --a------ C:\WINDOWS\se_spoof.dll <Not Verified; ; se_spoof Module>
2007-04-23 21:58:14 16896 --a------ C:\WINDOWS\inetloader.dll <Not Verified; ; InetLoader Module>
2007-04-23 14:42:16 0 d-------- C:\Programmi\vso
2007-04-22 10:08:14 0 d-------- C:\Programmi\File comuni\Nero
2007-04-22 09:53:27 0 d-------- C:\Programmi\File comuni\LightScribe
2007-04-19 1544 0 d-------- C:\Programmi\BlackSunSoft.net
2007-04-19 14:59:55 0 d-------- C:\Programmi\AudioEdit Deluxe
2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data
2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F313FA5D-F27C-4F99-B2B7-07BC8B8E8A98}
2007-04-19 14:56:45 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Seven Zip
2007-04-17 19:57:06 0 d-------- C:\Programmi\Shush!
2007-04-17 14:29:47 0 d-------- C:\Programmi\ADB
2007-04-17 14:29:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-04-17 14:25:54 0 d-------- C:\Programmi\XMPEG
2007-04-16 20:07:07 0 d-------- C:\Programmi\VideoLAN
2007-04-15 19:51:54 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-15 19:49:37 0 d-------- C:\Programmi\iriver
2007-04-14 15:14:45 0 d-------- C:\Programmi\SlySoft
2007-04-12 17:08:03 405504 --a------ C:\WINDOWS\system32\MsHdSp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2007-04-08 22:49:22 0 d-------- C:\Programmi\Picasa2
2007-04-06 14:35:45 0 d--hs---- C:\WINDOWS\ftpcache
2007-04-06 14:32:37 0 d-------- C:\Programmi\InterActual


-- Find3M Report ---------------------------------------------------------------

2007-05-01 11:26:46 0 d-------- C:\Programmi\File comuni\Symantec Shared
2007-04-29 16:49:37 0 d--h----- C:\Programmi\InstallShield Installation Information
2007-04-29 16:48:04 348238 --a------ C:\WINDOWS\system32\perfh010.dat
2007-04-29 16:48:04 48790 --a------ C:\WINDOWS\system32\perfc010.dat
2007-04-26 23:34:54 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Lavasoft
2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni
2007-04-25 22:21:57 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Vso
2007-04-25 20:13:02 0 d-------- C:\Programmi\eMule
2007-04-23 21:52:40 34 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.log
2007-04-23 21:52:35 47360 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-23 21:52:35 1144 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.inf
2007-04-23 21:52:35 1074 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.cat
2007-04-23 21:47:25 0 d-------- C:\Programmi\CyberLink
2007-04-17 14:28:12 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\dvdcss
2007-04-16 20:46:48 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\vlc
2007-04-15 19:52:07 0 d-------- C:\Programmi\Power Tab Software
2007-04-08 22:49:29 0 d-------- C:\Programmi\Google
2007-04-04 14:09:21 0 d-------- C:\Programmi\Disney Interactive
2007-04-01 15:33:04 0 d-------- C:\Programmi\Stampa Copertine
2007-04-01 15:07:00 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Help
2007-03-22 14:20:00 0 d-------- C:\Programmi\Ferrero
2007-03-18 23:58:33 0 d-------- C:\Programmi\Winamp
2007-03-18 23:52:48 1152 --a------ C:\WINDOWS\mozver.dat
2007-03-13 22:30:21 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Screenshot Sender
2007-03-13 22:29:49 0 d-------- C:\Programmi\MSN Messenger
2007-03-13 22:29:49 0 d-------- C:\Programmi\Messenger Plus! Live
2007-03-11 17:10:09 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Macromedia
2007-03-10 17:34:03 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\CD-LabelPrint
2007-03-06 20:40:36 0 d-------- C:\Programmi\File comuni\Vivendi Universal Games
2007-03-06 20:40:36 0 d-------- C:\Programmi\Barbie(TM)
2007-03-04 13:45:28 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Apple Computer
2007-03-04 13:45:08 0 d-------- C:\Programmi\QuickTime
2007-03-04 13:44:09 0 d-------- C:\Programmi\iTunes
2007-03-04 13:43:00 0 d-------- C:\Programmi\iPod
2007-03-04 13:39:57 0 d-------- C:\Programmi\File comuni\InstallShield
2007-02-13 23:37:49 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-04 12:47:55 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-02-04 12:47:55 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0edc6c20-a31c-11db-8ab9-0800200c9a66} C:\WINDOWS\system32\cica.dll
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Programmi\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programmi\google\googletoolbar1.dll
{f015f320-ab08-11db-abbd-0800200c9a66} C:\WINDOWS\inetloader.dll
{F67EEB12-AB09-11DB-A6F1-260856D89593} C:\WINDOWS\se_spoof.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe\""
"Easy-PrintToolBox"="C:\\Programmi\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"iTunesHelper"="\"C:\\Programmi\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Programmi\\Picasa2\\PicasaMediaDetector.exe"
"RemoteControl"="C:\\Programmi\\CyberLink\\PowerDVD\\PDVDServ.exe"
"LanguageShortcut"="C:\\Programmi\\CyberLink\\PowerDVD\\Language\\Language.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Windows Defender"="\"C:\\Programmi\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Programmi\\Ares\\Ares.exe\" -h"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c77cc03-aa05-11db-b2b5-806d6172696f}]
Shell\AutoRun\command D:\setup.exe


-- Hosts -----------------------------------------------------------------------

205.238.40.52 www.winmx.com err.winmx.com
205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com

15 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-05-04 at 22:52:07 ---------

Thank you for the attention...

[Ried]

Hello ruggiwlaraza and welcome to TSF,

I see the infection you have onboard. Please run this scanner first, then we can begin cleaning your system.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.

• Select option #1 - Search by typing 1 and press "Enter"
• A text file will appear which lists infected files (if present).
• Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

[ruggiwlaraza]

Thank you for the help...
This is the result:

SmitFraudFix v2.174

Scan done at 19.06.54,84, 05/05/2007
Run from C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ares\Ares.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\Messenger\msmsgs.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\inetloader.dll FOUND !
C:\WINDOWS\se_spoof.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADMIN


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADMIN\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMIN\PREFER~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi

C:\Programmi\TrustIn Contextual\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="Pagina iniziale corrente"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Scheda PCI Fast Ethernet D-Link DFE-500TX (Rev E) - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[Ried]

Hi,

Now we can begin the cleansing process. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Disable Windows Defender as it may interfere with the fixes below:

• Open Windows Defender.
• Click on Tools, Options.
• Scroll down and uncheck Turn on real-time protection (recommended).
• After you uncheck this, click on the Save button and close Windows Defender.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cica.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back into Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

--------------------------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

--------------------------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

--------------------------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions: IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Notes

1. If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S log
Panda log
Hijackthis log

[ruggiwlaraza]

c:\rapport.txt

SmitFraudFix v2.174

Scan done at 22.48.00,60, 05/05/2007
Run from C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
205.238.40.52 www.winmx.com err.winmx.com
205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Programmi\TrustIn Contextual\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Scheda PCI Fast Ethernet D-Link DFE-500TX (Rev E) - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



--------------------------------------------------------------------------

AVG A/S log


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23.49.23 05/05/2007

+ Scan result:



C:\Documents and Settings\ADMIN\Desktop\photoshop crack.zip/crack.exe -> Downloader.Small.ddp : Cleaned.
C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP2\A0000003.dll -> Downloader.Small.ddp : Cleaned.
C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000015.dll -> Downloader.Small.ddp : Cleaned.
C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000025.dll -> Downloader.Small.ddp : Cleaned.
C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000026.dll -> Downloader.Small.ddp : Cleaned.
C:\WINDOWS\4_cha.exe -> Downloader.Small.ddp : Cleaned.
:mozilla.126:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.257:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.312:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.313:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.143:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.144:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\ADMIN\Cookies\admin@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.308:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.309:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.303:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.317:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.31:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ADMIN\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.316:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.74:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.322:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.323:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.150:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.298:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.299:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.301:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.304:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.305:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.351:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.352:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.109:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.110:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.192:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.193:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.194:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.124:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.184:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.185:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.224:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.243:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.225:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.226:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.227:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.228:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.229:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.27:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.28:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.29:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.30:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.230:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.232:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.233:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.234:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.44:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.45:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\ADMIN\Cookies\admin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.79:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.80:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.90:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\ADMIN\Cookies\admin@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.186:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.64:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.155:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.156:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.157:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.158:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.33:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.34:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

--------------------------------------------------------------------------

Panda log


Incident Status Location

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ADMIN\Cookies\admin@go[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
-------------------------------------------------------------------------

Thank you again...

[Ried]

Nice work.

Could you please run dss.exe again and post the main.txt?

How is your system behaving now?

[ruggiwlaraza]

Deckard's System Scanner v20070426.43
Run by ADMIN on 2007-05-06 at 19:41:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ADMIN.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19.41.28, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Ares\Ares.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\ADMIN\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti