Cid: www.ecc... ecc..

[imothep]

Ciao a tutti ho seguito la guida per la rimozione di malware ecc. ma non ho risolto il problema, e' da un po' di giorni che si aprono queste pagine web ad intervalli irregolari Cid:wwwviaggisicuriitecc... o altro tipo di pubblicita' sempre con questo Cid: avanti e ho fatto pulizie con diversi programmi tra l'altro con il vostro consigliato Avg anti-spyware che devo dire di grande efficenza, ha trovato cose che altri tipo spy bot, a-squared, Spyware Terminetor non avevano trovato, ma il fastidioso problema persiste. Mi aiutate per favore? Grazie P.s scusate per il titolo della discussione ma non sapevo casa mettere potete corregerlo eventualmente?

[Al è qui]

Fai una scansione qui:

http://www.kaspersky.com/virusscanner

e posta il risultato.

Dopo scarica questo:

http://www.eusing.com/free_registry_...ry_cleaner.htm

[imothep]

Wednesday, February 13, 2008 8:42:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 560324


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 93563
Number of viruses found 3
Number of infected objects 18
Number of suspicious objects 0
Duration of the scan process 04:33:15

Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/AdobeUpdateManager.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\avenger\backup.zip/avenger/ISUSPM.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\avenger\backup.zip/avenger/jusched.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\avenger\backup.zip ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.da t Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.da t Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\micro\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temp\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temp\Cronologia\History.IE5\MSHist012008021 320080214\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temp\Perflib_Perfdata_668.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\micro\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\micro\ntuser.dat Object is locked skipped

C:\Documents and Settings\micro\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\eMule\Incoming\NBA Live 2008 crack.exe/irsetup.dat Infected: P2P-Worm.Win32.P2PAdware.a skipped

C:\Programmi\eMule\Incoming\NBA Live 2008 crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\eMule\Incoming\NOCD NBA Live 2008 crack.exe/irsetup.dat Infected: P2P-Worm.Win32.P2PAdware.a skipped

C:\Programmi\eMule\Incoming\NOCD NBA Live 2008 crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\eMule\Incoming\Win.All NBA Live 2008 crack.exe/irsetup.dat Infected: P2P-Worm.Win32.P2PAdware.a skipped

C:\Programmi\eMule\Incoming\Win.All NBA Live 2008 crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped

C:\Programmi\ESET\logs\virlog.dat Object is locked skipped

C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP164\A0049435.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP193\A0059374.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP216\A0088193.exe Infected: not-a-virus:PSWTool.Win32.Messen.e skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP219\A0088329.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP219\A0088331.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP219\A0088332.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP221\A0088486.exe/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.e skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP221\A0088486.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP222\A0090949.dll Object is locked skipped

C:\System Volume Information\_restore{C92D8227-90FC-400E-B27F-71256E3FF0FB}\RP222\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Tasks\omxzdz.job Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Deifobe]

Scarica per piacere anche Hijackthis e mettilo in un cartella dedicata (tipo: c:\programmi\Hijackthis).
Lancialo e clicca sul tasto "Do a system scan and save a log file". Posta il file di testo ottenuto.
ciao

[imothep]

Ciao, sono col portatile appena arrivo a casa posto il log il programma gia' c'e' l'ho. Grazie.

[imothep]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.24.24, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\cFosSpeed\spd.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\cFosSpeed\cFosSpeed.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Drive Software Does Noun] C:\Documents and Settings\All Users\Dati applicazioni\Extra Audio Drive Software\Amok team.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DateLess] C:\DOCUME~1\micro\DATIAP~1\WAITMO~1\dupe once.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13EBA7DC-E7FF-4D0B-BCD1-6AE170FCFA81}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{9796803A-209F-4066-A98A-0B3D57CC7A00}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{13EBA7DC-E7FF-4D0B-BCD1-6AE170FCFA81}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: d3dim32 - C:\WINDOWS\SYSTEM32\d3dim32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programmi\cFosSpeed\spd.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ServiceLayer ServiceLayerVSS (ServiceLayerVSS) - Nokia. - (no file)

--
End of file - 10112 bytes

[Deifobe]

Scarica CCleaner e SpyBot
Installa e aggiorna Spybot
Disattiva il ripristino configurazione di sistema (start - pannello di controllo - sistema - ripristino configurazione di sistema - spunta "disattiva ripristino configuraz. di sistema")
Visualizza files e cartelle nascoste.

Lancia Hijackthis, clicca sul tasto "Do a system scan only", spunta le seguenti voci e clicca su "fix Checked"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Drive Software Does Noun] C:\Documents and Settings\All Users\Dati applicazioni\Extra Audio Drive Software\Amok team.exe
O4 - HKCU\..\Run: [DateLess] C:\DOCUME~1\micro\DATIAP~1\WAITMO~1\dupe once.exe

elimina manualmente:
C:\Documents and Settings\All Users\Dati applicazioni\Extra Audio Drive Software (tutta la cartella)
C:\DOCUME~1\micro\DATIAP~1\WAITMO~1(tutta la cartella)


Esegui CCleaner e ripulisci sia i file temporanei e cookie che il registro.
Esegui una scansione con Spybot in modalità provvisoria (*).

(*) Per entrare in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8.
Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).

Riattiva il ripristino configurazione di sistema
Posta un nuovo log di HJT

vai su Virustotal e analizza questo file: c:\windows\SYSTEM32\d3dim32.dll e dimmi di cosa si tratta

Posta il report di FindAWF (scegli opzione "1") e un nuovo log di hjt (oltre al responso di virustotal)

[imothep]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.53.02, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\cFosSpeed\spd.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\cFosSpeed\cFosSpeed.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13EBA7DC-E7FF-4D0B-BCD1-6AE170FCFA81}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{9796803A-209F-4066-A98A-0B3D57CC7A00}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{13EBA7DC-E7FF-4D0B-BCD1-6AE170FCFA81}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS2\Services\Tcpip\..\{13EBA7DC-E7FF-4D0B-BCD1-6AE170FCFA81}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: d3dim32 - C:\WINDOWS\SYSTEM32\d3dim32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programmi\cFosSpeed\spd.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ServiceLayer ServiceLayerVSS (ServiceLayerVSS) - Nokia. - (no file)

--
End of file - 9572 bytes

Ciao Deif Ho fatto la scansione con spy in modalita' provv senza esito cioe' tutto ok, il file che mi hai citato di rimuovere manualmente "C:\DOCUME~1\micro\DATIAP~1\WAITMO~1(tutta la cartella)" non riesco a trovarlo. Attendo tue notizie. Grazie

[imothep]

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\CFOSSP~1\BAK

0 File 0 byte
2 Directory 59.257.233.408 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\ESET\BAK

17/11/2007 13.52 917.504 nod32kui.exe
1 File 917.504 byte
2 Directory 59.257.233.408 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK

18/06/2007 14.10 271.360 LaunchApplication.exe
1 File 271.360 byte
2 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\WINDOW~4\MESSEN~1\BAK

0 File 0 byte
2 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

0 File 0 byte
2 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

0 File 0 byte
3 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

0 File 0 byte
2 Directory 59.257.229.312 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 6412-9D54

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK\BAK

20/03/2006 16.34 213.936 ISUSPM.exe
1 File 213.936 byte
2 Directory 59.257.229.312 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

949376 12 Jan 2008 "C:\Programmi\ESET\nod32kui.exe"
917504 17 Nov 2007 "C:\Programmi\ESET\bak\nod32kui.exe"
271360 18 Jun 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
10256 17 Dec 2007 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
213936 20 Mar 2006 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe"
10256 17 Dec 2007 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
213936 20 Mar 2006 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\bak\ISUSPM. exe"


end of report

[imothep]

Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.2.13.11 2008.02.13 -
AntiVir 7.6.0.65 2008.02.13 TR/Hijacker.Gen
Authentium 4.93.8 2008.02.13 -
Avast 4.7.1098.0 2008.02.13 Win32:Small-IKB
AVG 7.5.0.516 2008.02.13 Downloader.Small.60.AO
BitDefender 7.2 2008.02.13 -
CAT-QuickHeal None 2008.02.13 -
ClamAV 0.92 2008.02.13 -
DrWeb 4.44.0.09170 2008.02.13 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5533 2008.02.13 -
Ewido 4.0 2008.02.13 -
FileAdvisor 1 2008.02.13 -
Fortinet 3.14.0.0 2008.02.13 -
F-Prot 4.4.2.54 2008.02.12 -
F-Secure 6.70.13260.0 2008.02.13 -
Ikarus T3.1.1.20 2008.02.13 Virus.Win32.Small.IKB
Kaspersky 7.0.0.125 2008.02.13 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.13 VirTool:Win32/Obfuscator.L
NOD32v2 2871 2008.02.13 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.13 -
Prevx1 V2 2008.02.13 -
Rising 20.31.10.00 2008.02.13 -
Sophos 4.26.0 2008.02.13 Sus/Behav-1021
Sunbelt 2.2.907.0 2008.02.13 -
Symantec 10 2008.02.13 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.13 Trojan.Hijacker.Gen
Informazioni addizionali
File size: 8192 bytes
MD5: e3bf4a3ef1d94bf0241b5a46a4138468
SHA1: cc79f991fe82f21093f875879ed621f9023577d8
PEiD: -
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX