mi appare sempre system alert

[junior0506]

ciao a tutti sono nuovo...ho un problema al pc..sulla barra delle applicazioni in basso a destra mi appare un cerchio rosso che mi dice system alert..inoltre si aprono sempre delle finestre con scritto spyware alert e cose simili e mi si aprono pagine internet per scaricare spyware...in altri leggendo questo forum ho visto ke inviando i dati ottenuti con il programa hijackthis il problema si puo risolvere...leggendo i problemi di altre persone ho gia fixato alcune cose ke avevo in comune con loro...questi sono i dati ottenuti con hijackthi

Logfile of HijackThis v1.99.1
Scan saved at 22.01.14, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Programmi\Acer\Acer eMode Management\AspireService.exe
C:\Programmi\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Programmi\!tunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Lucho\Documenti\My Completed Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615. 5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: XTN Monitor - {CB6BCBE2-79B4-4B72-BD1F-185FD5A651EB} - C:\WINDOWS\ddwlxtqlmr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - (no file)
O3 - Toolbar: The enqvwkp - {12A25CE9-0A93-4074-9516-A5B1A83141C9} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Programmi\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programmi\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\!tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gonchy89.spaces.live.com/Phot...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3CD7C6-7F09-4FB9-8B1A-0015EF889172}: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{F032A449-B46F-48C3-A5FB-9CAE91F81704}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: agrlmvp - {3DE30B73-59D2-4EC3-B35B-C477D9A89389} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {36FC5ED2-BF86-4EFA-A24C-57F194892201} - C:\WINDOWS\bmlvqkn.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe


grazie in anticipo

[the hacker]

vogliono farti aquistare un falso antivirus


usa smitfraudfix!

[junior0506]

Originariamente inviato da the hacker
vogliono farti aquistare un falso antivirus


usa smitfraudfix!

ho usato il programma ca mi hai detto...all inizio sembra che va tutto bene ma poi ritorna tutto come prima..ho anche tre icone sul desktop di programmi che non ho istallato..error cleaner, privacy protector e spyware&malware protection...aiutatemi!

[Deifobe]

Sapevi come eseguirlo? Nel dubbio..
Esegui SmitfraudFix (da modalità normale), seleziona l'opzione 1 (Search) e premi invio. Ti verra' visualizzato un file di testo con l'elenco dei file infetti (se presenti): dovresti trovare questo report anche in C:\rapport.txt (NB: process.exe da alcuni antivirus viene rilevato come virus, ovviamente non lo e')
Posta il log di SmitfraudFix

[junior0506]

Originariamente inviato da Deifobe
Sapevi come eseguirlo? Nel dubbio..
Esegui SmitfraudFix (da modalità normale), seleziona l'opzione 1 (Search) e premi invio. Ti verra' visualizzato un file di testo con l'elenco dei file infetti (se presenti): dovresti trovare questo report anche in C:\rapport.txt (NB: process.exe da alcuni antivirus viene rilevato come virus, ovviamente non lo e')
Posta il log di SmitfraudFix

ho letto le istruzioni su internet e ho fatto l opzione 1 in modalita normale poi ha rivviato in modalita provvisoria e ho lanciato l opzione 2...comunque adesso ho rifatto l opzione 1 e ti mando i risultati

SmitFraudFix v2.274

Scan done at 12.52.00,15, 19/01/2008
Run from C:\Documents and Settings\Lucho\Documenti\My Completed Downloads\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Programmi\ad-aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Programmi\Acer\Acer eMode Management\AspireService.exe
C:\Programmi\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\sm56hlpr.exe
D:\Programmi\!tunes\iTunesHelper.exe
C:\Programmi\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lucho


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lucho\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lucho\PREFER~1

C:\DOCUME~1\Lucho\PREFER~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Lucho\PREFER~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Lucho\PREFER~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.114.24
DNS Server Search Order: 85.255.112.139

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A3CD7C6-7F09-4FB9-8B1A-0015EF889172}: NameServer=85.255.114.24 85.255.112.139
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A3CD7C6-7F09-4FB9-8B1A-0015EF889172}: NameServer=85.255.114.24 85.255.112.139


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[Deifobe]

Stampa o copia queste indicazioni. Se salvi un file di testo, mettilo in c:\

Scarica: Avenger, CCleaner, SpyBot
Installa e aggiorna Spybot

Entra in modalità provvisoria: clicca su start - esegui - digita msconfig e dai ok
in boot.ini spunta casella SAFEBOOT -> applica ( per ritornare in mod. normale stesso percorso e togliere la spunta)

Disattiva il ripristino configurazione di sistema: start - pannello di controllo - sistema - ripristino configurazione di sistema - spunta "disattiva ripristino configuraz. di sistema"
Visualizza file nascosti: da una cartella clicca su strumenti - opzioni cartella - visualizza - visualizza file nascosti

Lancia Hijackthis, clicca sul tasto "Do a system scan only", spunta le seguenti voci e clicca su "fix Checked"
O2 - BHO: XTN Monitor - {CB6BCBE2-79B4-4B72-BD1F-185FD5A651EB} - C:\WINDOWS\ddwlxtqlmr.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: (no name) - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - (no file)
O3 - Toolbar: The enqvwkp - {12A25CE9-0A93-4074-9516-A5B1A83141C9} - C:\WINDOWS\enqvwkp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3CD7C6-7F09-4FB9-8B1A-0015EF889172}: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{F032A449-B46F-48C3-A5FB-9CAE91F81704}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{007D9408-0272-452B-B86B-15538ACB928C}: NameServer = 85.255.114.24,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.24 85.255.112.139
O21 - SSODL: agrlmvp - {3DE30B73-59D2-4EC3-B35B-C477D9A89389} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {36FC5ED2-BF86-4EFA-A24C-57F194892201} - C:\WINDOWS\bmlvqkn.dll

Rientra in modalità normale (vedi sopra le indicazioni), esegui avenger, seleziona l'opzione "Input Script Manually" e clicca sulla lente d'ingrandimento. All'interno della finestra "Wiew/edit script", nel box bianco, copia/incolla:

files to delete:
C:\WINDOWS\enqvwkp.dll
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\bmlvqkn.dll

Clicca sul pulsante "Done", poi sul semaforo verde, rispondi 2 volte Yes. Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu.

Esegui CCleaner e ripulisci sia i file temporanei e cookie (2 volte) che il registro.
Esegui una scansione con SpyBot.

Posta un nuovo log di hjt.

NB: nel caso dovessi avere problemi con la connessione :
lancia hijackthis, clixcca su "view the list of backups" -> backpups -> spunta le voci O17 -> e clicca su "restore".
Le O17 = Ukraina

[Deifobe]

finita la procedura, entra in modalità provvisoria, apri la cartella di SmitfraudFix e lancia il programma. Seleziona l'opzione 2 (Clean) e premi invio (elimina i file infetti).
Alla domanda "Registry cleaning - Do you want to clean the registry ?", rispondi "si", digitando "Y" e dai l'invio (rimuove tutto quanto associato con l'infezione - se non erro reimposta lo sfondo del desktop, quindi il tuo potrebbe sparire).
A questo punto il computer si riavviera'per completare il processo di pulizia (altrimenti riavvialo tu in modalita' normale). Sul desktop comparirà un file di testo con risultati, che dovresti trovare anche in C:\rapport.txt. Riposta il log di hjt e anche quello di SmitfraudFix, a questo punto

Prendi nota dei passaggi.