|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
05-04-2007, 03:06 PM
|
#1 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 5
OS: XP
|
Please Help Me...
Hi...i show you my problem...
Deckard's System Scanner v20070426.43 Run by ADMIN on 2007-05-04 at 22:48:08 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-05-04 20:48:12 UTC - RP1 - Punto di arresto del sistema Backed up registry hives. Performed disk cleanup. -- HijackThis (run as ADMIN.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22.51.19, on 04/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Ares\Ares.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\ADMIN\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\ADMIN.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cica.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 GMSIPCI - d:\install\gmsipci.sys (file missing) S3 NTACCESS - d:\ntaccess.sys (file missing) S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programmi\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S3 AresChatServer (Ares Chatroom server) - c:\programmi\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> -- Scheduled Tasks ------------------------------------------------------------- 2007-05-04 21:43:16 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2007-04-27 20:00:00 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Esegui scansione completa del sistema - ADMIN.job -- Files created between 2007-04-04 and 2007-05-04 ----------------------------- 2007-05-04 22:40:38 0 d-------- C:\Programmi\SpywareBlaster 2007-05-04 22:14:48 0 d-------- C:\cb8364be270f42e8cb8e6838 2007-05-04 22:09:57 21504 --a------ C:\WINDOWS\system32\cica.dll <Not Verified; ; URL Changer Module> 2007-05-01 21:09:47 284160 --a------ C:\WINDOWS\unin0410.exe 2007-04-30 22:35:25 0 d-------- C:\Programmi\Alcohol Soft 2007-04-30 22:26:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-30 22:15:44 0 d-------- C:\Programmi\TrustIn Contextual 2007-04-29 18:49:41 0 d-------- C:\Programmi\MSXML 4.0 2007-04-29 18:16:12 0 d-------- C:\Programmi\Windows Defender 2007-04-29 16:48:55 0 d-------- C:\Programmi\Samsung 2007-04-29 16:48:55 0 d-------- C:\Hermes 2007-04-29 16:48:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung 2007-04-26 23:34:48 0 d-------- C:\Programmi\Lavasoft 2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard 2007-04-26 15:49:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20> 2007-04-26 15:49:39 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:39 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:38 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:37 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2007-04-26 15:49:31 0 d-------- C:\Programmi\File comuni\Ahead 2007-04-26 15:49:30 0 d-------- C:\Programmi\Ahead 2007-04-25 09:40:12 20992 --a------ C:\WINDOWS\se_spoof.dll <Not Verified; ; se_spoof Module> 2007-04-23 21:58:14 16896 --a------ C:\WINDOWS\inetloader.dll <Not Verified; ; InetLoader Module> 2007-04-23 14:42:16 0 d-------- C:\Programmi\vso 2007-04-22 10:08:14 0 d-------- C:\Programmi\File comuni\Nero 2007-04-22 09:53:27 0 d-------- C:\Programmi\File comuni\LightScribe 2007-04-19 15  44 0 d-------- C:\Programmi\BlackSunSoft.net2007-04-19 14:59:55 0 d-------- C:\Programmi\AudioEdit Deluxe 2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data 2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F313FA5D-F27C-4F99-B2B7-07BC8B8E8A98} 2007-04-19 14:56:45 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Seven Zip 2007-04-17 19:57:06 0 d-------- C:\Programmi\Shush! 2007-04-17 14:29:47 0 d-------- C:\Programmi\ADB 2007-04-17 14:29:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-04-17 14:25:54 0 d-------- C:\Programmi\XMPEG 2007-04-16 20:07:07 0 d-------- C:\Programmi\VideoLAN 2007-04-15 19:51:54 0 d-------- C:\WINDOWS\system32\appmgmt 2007-04-15 19:49:37 0 d-------- C:\Programmi\iriver 2007-04-14 15:14:45 0 d-------- C:\Programmi\SlySoft 2007-04-12 17:08:03 405504 --a------ C:\WINDOWS\system32\MsHdSp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager> 2007-04-08 22:49:22 0 d-------- C:\Programmi\Picasa2 2007-04-06 14:35:45 0 d--hs---- C:\WINDOWS\ftpcache 2007-04-06 14:32:37 0 d-------- C:\Programmi\InterActual -- Find3M Report --------------------------------------------------------------- 2007-05-01 11:26:46 0 d-------- C:\Programmi\File comuni\Symantec Shared 2007-04-29 16:49:37 0 d--h----- C:\Programmi\InstallShield Installation Information 2007-04-29 16:48:04 348238 --a------ C:\WINDOWS\system32\perfh010.dat 2007-04-29 16:48:04 48790 --a------ C:\WINDOWS\system32\perfc010.dat 2007-04-26 23:34:54 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Lavasoft 2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni 2007-04-25 22:21:57 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Vso 2007-04-25 20:13:02 0 d-------- C:\Programmi\eMule 2007-04-23 21:52:40 34 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.log 2007-04-23 21:52:35 47360 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2007-04-23 21:52:35 1144 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.inf 2007-04-23 21:52:35 1074 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.cat 2007-04-23 21:47:25 0 d-------- C:\Programmi\CyberLink 2007-04-17 14:28:12 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\dvdcss 2007-04-16 20:46:48 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\vlc 2007-04-15 19:52:07 0 d-------- C:\Programmi\Power Tab Software 2007-04-08 22:49:29 0 d-------- C:\Programmi\Google 2007-04-04 14:09:21 0 d-------- C:\Programmi\Disney Interactive 2007-04-01 15:33:04 0 d-------- C:\Programmi\Stampa Copertine 2007-04-01 15:07:00 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Help 2007-03-22 14:20:00 0 d-------- C:\Programmi\Ferrero 2007-03-18 23:58:33 0 d-------- C:\Programmi\Winamp 2007-03-18 23:52:48 1152 --a------ C:\WINDOWS\mozver.dat 2007-03-13 22:30:21 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Screenshot Sender 2007-03-13 22:29:49 0 d-------- C:\Programmi\MSN Messenger 2007-03-13 22:29:49 0 d-------- C:\Programmi\Messenger Plus! Live 2007-03-11 17:10:09 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Macromedia 2007-03-10 17:34:03 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\CD-LabelPrint 2007-03-06 20:40:36 0 d-------- C:\Programmi\File comuni\Vivendi Universal Games 2007-03-06 20:40:36 0 d-------- C:\Programmi\Barbie(TM) 2007-03-04 13:45:28 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Apple Computer 2007-03-04 13:45:08 0 d-------- C:\Programmi\QuickTime 2007-03-04 13:44:09 0 d-------- C:\Programmi\iTunes 2007-03-04 13:43:00 0 d-------- C:\Programmi\iPod 2007-03-04 13:39:57 0 d-------- C:\Programmi\File comuni\InstallShield 2007-02-13 23:37:49 0 --a------ C:\WINDOWS\nsreg.dat 2007-02-04 12:47:55 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95> 2007-02-04 12:47:55 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95> -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {0edc6c20-a31c-11db-8ab9-0800200c9a66} C:\WINDOWS\system32\cica.dll {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Programmi\Norton AntiVirus\NavShExt.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programmi\google\googletoolbar1.dll {f015f320-ab08-11db-abbd-0800200c9a66} C:\WINDOWS\inetloader.dll {F67EEB12-AB09-11DB-A6F1-260856D89593} C:\WINDOWS\se_spoof.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "ccApp"="\"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe\"" "Easy-PrintToolBox"="C:\\Programmi\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon" "iTunesHelper"="\"C:\\Programmi\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime" "Picasa Media Detector"="C:\\Programmi\\Picasa2\\PicasaMediaDetector.exe" "RemoteControl"="C:\\Programmi\\CyberLink\\PowerDVD\\PDVDServ.exe" "LanguageShortcut"="C:\\Programmi\\CyberLink\\PowerDVD\\Language\\Language.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Windows Defender"="\"C:\\Programmi\\Windows Defender\\MSASCui.exe\" -hide" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "ares"="\"C:\\Programmi\\Ares\\Ares.exe\" -h" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "_NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c77cc03-aa05-11db-b2b5-806d6172696f}] Shell\AutoRun\command D:\setup.exe -- Hosts ----------------------------------------------------------------------- 205.238.40.52 www.winmx.com err.winmx.com 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com 15 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-05-04 at 22:52:07 --------- Thank you for the attention... |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
05-04-2007, 10:32 PM
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
|
Re: Please Help Me...
Hello ruggiwlaraza and welcome to TSF,
I see the infection you have onboard. Please run this scanner first, then we can begin cleaning your system. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click smitfraudfix.exe to start the tool.
|
|
|
|
|
05-05-2007, 11:12 AM
|
#3 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 5
OS: XP
|
Re: Please Help Me...
Thank you for the help...
This is the result: SmitFraudFix v2.174 Scan done at 19.06.54,84, 05/05/2007 Run from C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Ares\Ares.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\Programmi\Messenger\msmsgs.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\inetloader.dll FOUND ! C:\WINDOWS\se_spoof.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADMIN »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADMIN\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMIN\PREFER~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi C:\Programmi\TrustIn Contextual\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Pagina iniziale corrente" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Scheda PCI Fast Ethernet D-Link DFE-500TX (Rev E) - Miniport dell'Utilità di pianificazione pacchetti DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End |
|
|
|
|
05-05-2007, 01:45 PM
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
|
Re: Please Help Me...
Hi,
Now we can begin the cleansing process. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. *************************************************** Download AVG Anti Spyware Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows" 
-------------------------------------------------------------------- Disable Windows Defender as it may interfere with the fixes below:
Please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login with your usual account. Make sure to close any open browsers. -------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries: O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cica.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Double-click on SmitfraudFix.exe to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back into Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. -------------------------------------------------------------------- Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: · "Security Info" · "Warning Message" · "Security Desktop" · "Warning Homepage" · "Desktop Uninstall" Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. -------------------------------------------------------------------- Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin. -------------------------------------------------------------------- Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions: IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
-------------------------------------------------------------------- Reboot into Normal Mode. -------------------------------------------------------------------- Double-click on SmitfraudFix.exe to start the tool. Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Notes 1. If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. 2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS. -------------------------------------------------------------------- Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Perform an online scan with Internet Explorer with Panda ActiveScan
* Turn off the real time scanner of any existing antivirus program while performing the online scan -------------------------------------------------------------------- Then post the following logs in your next reply... c:\rapport.txt AVG A/S log Panda log Hijackthis log |
|
|
|
|
05-06-2007, 12:51 AM
|
#5 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 5
OS: XP
|
Re: Please Help Me...
c:\rapport.txt
SmitFraudFix v2.174 Scan done at 22.48.00,60, 05/05/2007 Run from C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 205.238.40.52 www.winmx.com err.winmx.com 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\Programmi\TrustIn Contextual\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Scheda PCI Fast Ethernet D-Link DFE-500TX (Rev E) - Miniport dell'Utilità di pianificazione pacchetti DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{23C9ADD7-248F-4F60-8ADA-D16478777A1A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End -------------------------------------------------------------------------- AVG A/S log --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 23.49.23 05/05/2007 + Scan result: C:\Documents and Settings\ADMIN\Desktop\photoshop crack.zip/crack.exe -> Downloader.Small.ddp : Cleaned. C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP2\A0000003.dll -> Downloader.Small.ddp : Cleaned. C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000015.dll -> Downloader.Small.ddp : Cleaned. C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000025.dll -> Downloader.Small.ddp : Cleaned. C:\System Volume Information\_restore{62EBCE85-7C60-460C-9AAD-EA1EBA464EF4}\RP3\A0000026.dll -> Downloader.Small.ddp : Cleaned. C:\WINDOWS\4_cha.exe -> Downloader.Small.ddp : Cleaned. :mozilla.126:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.127:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.128:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.129:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.130:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.131:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.132:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.201:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.257:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.262:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.330:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.346:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.70:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.71:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.160:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adobe : Cleaned. :mozilla.312:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adocean : Cleaned. :mozilla.313:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adocean : Cleaned. :mozilla.143:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.144:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\ADMIN\Cookies\admin@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. :mozilla.308:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.309:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.145:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.303:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.17:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.317:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Counted : Cleaned. :mozilla.31:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\ADMIN\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.316:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.74:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.75:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.322:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.323:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Gemius : Cleaned. :mozilla.150:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.298:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.299:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.301:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.304:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.305:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.351:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.352:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.109:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.110:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.192:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned. :mozilla.193:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned. :mozilla.194:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Live : Cleaned. :mozilla.124:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.184:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.185:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.224:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.243:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.225:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.226:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.227:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.228:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.229:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.27:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.28:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.29:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.30:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.230:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.231:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.232:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.233:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.234:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.235:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.43:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.44:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.45:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\ADMIN\Cookies\admin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.79:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.80:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.89:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.90:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\ADMIN\Cookies\admin@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.186:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.64:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.155:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.156:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.157:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.158:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.32:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.33:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.34:C:\Documents and Settings\ADMIN\Dati applicazioni\Mozilla\Firefox\Profiles\v872lst8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. ::Report end -------------------------------------------------------------------------- Panda log Incident Status Location Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ADMIN\Cookies\admin@go[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix\Process.exe Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\ADMIN\Desktop\SmitfraudFix\restart.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe ------------------------------------------------------------------------- Thank you again... |
|
|
|
|
05-06-2007, 11:45 AM
|
#7 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 5
OS: XP
|
Re: Please Help Me...
Deckard's System Scanner v20070426.43
Run by ADMIN on 2007-05-06 at 19:41:20 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as ADMIN.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19.41.28, on 06/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe C:\Programmi\Windows Defender\MSASCui.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Programmi\Ares\Ares.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Windows Media Player\wmplayer.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\Messenger\msmsgs.exe C:\Documents and Settings\ADMIN\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\ADMIN.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- Files created between 2007-04-06 and 2007-05-06 ----------------------------- 2007-05-06 00:07:05 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-05 19:07:00 2630 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-05 19 14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>2007-05-05 19 14 51200 --a------ C:\WINDOWS\system32\dumphive.exe2007-05-05 19 13 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>2007-05-04 22:40:38 0 d-------- C:\Programmi\SpywareBlaster 2007-05-01 21:09:47 284160 --a------ C:\WINDOWS\unin0410.exe 2007-04-30 22:35:25 0 d-------- C:\Programmi\Alcohol Soft 2007-04-30 22:26:23 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-29 18:49:41 0 d-------- C:\Programmi\MSXML 4.0 2007-04-29 18:16:12 0 d-------- C:\Programmi\Windows Defender 2007-04-29 16:48:55 0 d-------- C:\Programmi\Samsung 2007-04-29 16:48:55 0 d-------- C:\Hermes 2007-04-29 16:48:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung 2007-04-26 23:34:48 0 d-------- C:\Programmi\Lavasoft 2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard 2007-04-26 15:49:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20> 2007-04-26 15:49:39 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:39 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:38 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7> 2007-04-26 15:49:37 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck> 2007-04-26 15:49:31 0 d-------- C:\Programmi\File comuni\Ahead 2007-04-26 15:49:30 0 d-------- C:\Programmi\Ahead 2007-04-23 14:42:16 0 d-------- C:\Programmi\vso 2007-04-22 10:08:14 0 d-------- C:\Programmi\File comuni\Nero 2007-04-22 09:53:27 0 d-------- C:\Programmi\File comuni\LightScribe 2007-04-19 15 44 0 d-------- C:\Programmi\BlackSunSoft.net2007-04-19 14:59:55 0 d-------- C:\Programmi\AudioEdit Deluxe 2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data 2007-04-19 14:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F313FA5D-F27C-4F99-B2B7-07BC8B8E8A98} 2007-04-19 14:56:45 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Seven Zip 2007-04-17 19:57:06 0 d-------- C:\Programmi\Shush! 2007-04-17 14:29:47 0 d-------- C:\Programmi\ADB 2007-04-17 14:29:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-04-17 14:25:54 0 d-------- C:\Programmi\XMPEG 2007-04-16 20:07:07 0 d-------- C:\Programmi\VideoLAN 2007-04-15 19:51:54 0 d-------- C:\WINDOWS\system32\appmgmt 2007-04-15 19:49:37 0 d-------- C:\Programmi\iriver 2007-04-14 15:14:45 0 d-------- C:\Programmi\SlySoft 2007-04-12 17:08:03 405504 --a------ C:\WINDOWS\system32\MsHdSp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager> 2007-04-08 22:49:22 0 d-------- C:\Programmi\Picasa2 2007-04-06 14:35:45 0 d--hs---- C:\WINDOWS\ftpcache 2007-04-06 14:32:37 0 d-------- C:\Programmi\InterActual -- Find3M Report --------------------------------------------------------------- 2007-05-06 01:13:19 0 d-------- C:\Programmi\MegauploadToolbar 2007-05-06 01:13:16 0 d-------- C:\Programmi\iTunes 2007-05-06 01:12:27 0 d-------- C:\Programmi\Google 2007-05-06 01:10:54 0 d-------- C:\Programmi\File comuni\Symantec Shared 2007-05-06 00:59:37 0 d-------- C:\Programmi\Ares 2007-05-06 00:34:44 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Symantec 2007-05-06 00:31:52 0 d-------- C:\Programmi\QuickTime 2007-05-06 00:30:51 0 d-------- C:\Programmi\Messenger 2007-04-29 16:49:37 0 d--h----- C:\Programmi\InstallShield Installation Information 2007-04-29 16:48:04 348238 --a------ C:\WINDOWS\system32\perfh010.dat 2007-04-29 16:48:04 48790 --a------ C:\WINDOWS\system32\perfc010.dat 2007-04-26 23:34:54 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Lavasoft 2007-04-26 23:34:37 0 d-------- C:\Programmi\File comuni 2007-04-25 22:21:57 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Vso 2007-04-25 20:13:02 0 d-------- C:\Programmi\eMule 2007-04-23 21:52:40 34 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.log 2007-04-23 21:52:35 47360 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2007-04-23 21:52:35 1144 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.inf 2007-04-23 21:52:35 1074 --a------ C:\Documents and Settings\ADMIN\Dati applicazioni\pcouffin.cat 2007-04-23 21:47:25 0 d-------- C:\Programmi\CyberLink 2007-04-17 14:28:12 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\dvdcss 2007-04-16 20:46:48 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\vlc 2007-04-15 19:52:07 0 d-------- C:\Programmi\Power Tab Software 2007-04-04 14:09:21 0 d-------- C:\Programmi\Disney Interactive 2007-04-01 15:33:04 0 d-------- C:\Programmi\Stampa Copertine 2007-04-01 15:07:00 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Help 2007-03-22 14:20:00 0 d-------- C:\Programmi\Ferrero 2007-03-18 23:58:33 0 d-------- C:\Programmi\Winamp 2007-03-18 23:52:48 1152 --a------ C:\WINDOWS\mozver.dat 2007-03-13 22:30:21 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Screenshot Sender 2007-03-13 22:29:49 0 d-------- C:\Programmi\MSN Messenger 2007-03-13 22:29:49 0 d-------- C:\Programmi\Messenger Plus! Live 2007-03-11 17:10:09 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\Macromedia 2007-03-10 17:34:03 0 d-------- C:\Documents and Settings\ADMIN\Dati applicazioni\CD-LabelPrint 2007-03-06 20:40:36 0 d-------- C:\Programmi\File comuni\Vivendi Universal Games 2007-03-06 20:40:36 0 d-------- C:\Programmi\Barbie(TM) 2007-02-13 23:37:49 0 --a------ C:\WINDOWS\nsreg.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Programmi\Norton AntiVirus\NavShExt.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programmi\google\googletoolbar1.dll {F67EEB12-AB09-11DB-A6F1-260856D89593} C:\WINDOWS\se_spoof.dll [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "ccApp"="\"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe\"" "Easy-PrintToolBox"="C:\\Programmi\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon" "iTunesHelper"="\"C:\\Programmi\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Programmi\\QuickTime\\qttask.exe\" -atboottime" "Picasa Media Detector"="C:\\Programmi\\Picasa2\\PicasaMediaDetector.exe" "RemoteControl"="C:\\Programmi\\CyberLink\\PowerDVD\\PDVDServ.exe" "LanguageShortcut"="C:\\Programmi\\CyberLink\\PowerDVD\\Language\\Language.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Windows Defender"="\"C:\\Programmi\\Windows Defender\\MSASCui.exe\" -hide" "!AVG Anti-Spyware"="\"C:\\Programmi\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "ares"="\"C:\\Programmi\\Ares\\Ares.exe\" -h" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="ShellExecuteHook antimalware di Microsoft" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c77cc03-aa05-11db-b2b5-806d6172696f}] Shell\AutoRun\command D:\setup.exe -- End of Deckard's System Scanner: finished at 2007-05-06 at 19:42:05 --------- The computer seems to work well... Thank you very much... |
|
|
|
|
05-06-2007, 08:08 PM
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
|
Re: Please Help Me...
Oops...you missed one.
 As before, disable Windows Defender so it does not interfere with the fix. Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry: O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing) Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links: Reset hidden/system files and folders Windows XP =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Ensure Windows Auto Update is Enabled *Go to Start>Run - type wuaucpl.cpl *Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Spyware Guard to catch and block spyware before it can execute. IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. 
|
|
|
|
| Thread Tools | |
|
|
located at the bottom of the page.
then click 
