
A virus pop-up




  #1  
31 January 2008, 05:25
New Member

I keep getting this box that appears every time I go through my documents, such as Computer, etc. It also seems to appear when I use IE, but not when I use Firefox. I have used several programs and it is still there. Maybe it could be a rootkit (I hope not).



My logs:

ESET Online Scanner
# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2836 (20080130)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 86fa0ec02340bf40b27cfd3ccc323dee
# End = finito
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-31 02:29:31
# Local_time = 2008-01-31 02:29:31 (+0000 GMT Standard Time)
# Paese = "Regno Unito"
# = OSVer NT 6.0.6000
Scandite = 306177 #
Trovato = 0 #
# Scan_time = 8875

SUPERAntiSpyware Scan Entra
http://www.superantispyware.com

Generata 01/31/2008 alle 02:32 AM

Applicazione Versione: 3/9/1008

Core Regole Database Version: 3391
Trace Regole Database Version: 1383

Tipo di scansione: Scansione completa
Totale Scan Time: 02:21:07

Memoria oggetti scanditi: 834
Memoria minacce rilevate: 0
Registro di oggetti scanditi: 7637
Registro di minacce rilevate: 0
File oggetti scanditi: 66364
File minacce rilevate: 6

Adware.Tracking Cookie
C: \ Users \ Chris \ AppData \ Roaming \ Microsoft \ Windows \ C ookies \ chris @ tribalfusion [2]. Txt
C: \ Users \ Chris \ AppData \ Roaming \ Microsoft \ Windows \ C ookies \ chris@adopt.euroclick [2]. Txt

Trojan.Media-Codec/V5-Intaller
C: \ Users \ CHRIS \ Desktop \ INSTALL_PLAYER_3912994 (2). E XE
C: \ Users \ CHRIS \ Desktop \ INSTALL_PLAYER_3912994.EXE
C: \ Windows \ prefetch \ INSTALL_PLAYER_3912994 (2). EXE-03357FA6.pf
C: \ Windows \ prefetch \ INSTALL_PLAYER_3912994.EXE-9E95D8EF.pf

HijackThis

Logfile di Trend Micro HijackThis v2.0.2
Scan salvato in 12:05:19, a 31/01/2008
Piattaforma: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Processi in esecuzione:
C: \ Windows \ System32 \ smss.exe
C: \ Windows \ system32 \ Csrss.exe
C: \ Windows \ system32 \ Wininit.exe
C: \ Windows \ system32 \ Csrss.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ lsm.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ Microsoft.Net \ Framework \ v3.0 \ WPF \ presentazione tationFontCache.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ System32 \ svchost.exe
C: \ Windows \ System32 \ svchost.exe
C: \ Windows \ System32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ SLsvc.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Windows \ System32 \ spoolsv.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ TOSHIBA \ Power Saver \ TPwrMain.exe
C: \ Program Files \ TOSHIBA \ SmoothView \ SmoothView.exe
C: \ Program Files \ TOSHIBA \ Flashcards \ TCrdMain.exe
C: \ Program Files \ a-squared Anti-Malware \ a2service.exe
C: \ Windows \ system32 \ agrsmsvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ TODDSrv.exe
C: \ Program Files \ TOSHIBA \ Power Saver \ TosCoSrv.exe
c: \ Program Files \ Toshiba \ Bluetooth Toshiba Stack \ TosBtSrv.exe
C: \ Program Files \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ Windows \ System32 \ svchost.exe
C: \ Windows \ system32 \ SearchIndexer.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Program Files \ TOSHIBA \ Utilities \ KeNotify.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe
C: \ Program Files \ TOSHIBA \ Toshiba Online Product Information \ TOPI.exe
C: \ Program Files \ IDM \ Desktop SMS \ DesktopSMS.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ TOSHIBA \ Registration \ ToshibaRegistration.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Camera Assistant Software per Toshiba \ traybar.exe
C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ a-squared Anti-Malware \ a2guard.exe
C: \ Program Files \ Windows Sidebar \ sidebar.exe
C: \ Program Files \ TOSHIBA \ TOSCDSPD \ TOSCDSPD.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Windows \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ Veoh Networks \ Veoh \ VeohClient.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Fantastic Flame Screensaver \ FantasticFlameAgent.exe
C: \ Windows \ ehome \ ehmsas.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Synaptics \ SynTP \ SynToshiba.exe
C: \ Program Files \ Camera Assistant Software per Toshiba \ CEC_MAIN.exe
C: \ Program Files \ Windows Sidebar \ sidebar.exe
C: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSwMgr.exe
C: \ Program Files \ Windows Mail \ WinMail.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
C: \ Program Files \ Microsoft Office \ Office11 \ WINWORD.EXE
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ msiexec.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Windows \ System32 \ svchost.exe
C: \ Windows \ system32 \ SearchProtocolHost.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.altavista.com/audio/default
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyOverride = *. locali
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O1 - Hosts::: 1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - C: \ PROGRA ~ 1 \ MEGAUP ~ 1 \ MEGAUP ~ 1.DLL
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Giocatore - (83FD1F86-B40A-41EE-8512-929F005ED2A8) - C: \ Windows \ orgnavi.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O3 - Toolbar: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - C: \ PROGRA ~ 1 \ MEGAUP ~ 1 \ MEGAUP ~ 1.DLL
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [TPwrMain]% ProgramFiles% \ TOSHIBA \ Power Saver \ TPwrMain.EXE
O4 - HKLM \ .. \ Run: [HSON]% ProgramFiles% \ TOSHIBA \ TBS \ HSON.exe
O4 - HKLM \ .. \ Run: [SmoothView]% ProgramFiles% \ Toshiba \ SmoothView \ SmoothView.exe
O4 - HKLM \ .. \ Run: [00TCrdMain]% ProgramFiles% \ TOSHIBA \ Flashcards \ TCrdMain.exe
O4 - HKLM \ .. \ Run: [KeNotify] C: \ Program Files \ TOSHIBA \ Utilities \ KeNotify.exe
O4 - HKLM \ .. \ Run: [HWSetup] C: \ Program Files \ TOSHIBA \ Utilities \ HWSetup.exe hwSetUP
O4 - HKLM \ .. \ Run: [SVPWUTIL] C: \ Program Files \ TOSHIBA \ Utilities \ SVPWUTIL.exe SVPwUTIL
O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM \ .. \ Run: [Topi] C: \ Program Files \ TOSHIBA \ Toshiba Online Product Information \ topi.exe-startup
O4 - HKLM \ .. \ Run: [Desktop SMS] C: \ Program Files \ IDM \ Desktop SMS \ DesktopSMS.exe / auto
O4 - HKLM \ .. \ Run: [nvsvc] RUNDLL32.EXE C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Toshiba Registration] C: \ Program Files \ Toshiba \ Registration \ ToshibaRegistration.exe
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Camera Assistant Software] "C: \ Program Files \ Camera Assistant Software per Toshiba \ traybar.exe"
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-startup
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [a-squared] "C: \ Program Files \ a-squared Anti-Malware \ a2guard.exe" / d = 60
O4 - HKLM \ .. \ Run: [PrevxCSI] "C: \ Program Files \ PrevxCSI \ prevxcsi.exe" boot -
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ TOSCDSPD.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [Veoh] "C: \ Program Files \ Veoh Networks \ Veoh \ VeohClient.exe" / VeohHide
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Fantastic Flame Agent.lnk = C: \ Program Files \ Fantastic Flame Screensaver \ FantasticFlameAgent.exe
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ npjpi160_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ npjpi160_04.dll
O9 - Extra pulsante: Invia a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & fine a OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra pulsante: eBay - (C08CAF1D-C0A3-40D5-9970-06D067EAC017) -- http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file mancanti)
O9 - Extra pulsante: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
Ø16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
Ø16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
Ø16 - DPF: (D4323BF2-006A-4440-A2F5-27E3E7AB25F8) (Virtools WebPlayer Class) -- http://a532.g.akamai.net/f/532/6712/.../installer.exe
Ø16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
Ø16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C: \ Program Files \ a-squared Anti-Malware \ a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C: \ Windows \ system32 \ agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 (Bonjour Service) - Apple Computer, Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Sconosciuto proprietario - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file mancanti)
O23 - Service: FlexNet Licensing Service - Macrovision Europe Ltd. - C: \ Program Files \ Common Files \ Macrovision Shared \ FlexNet Publisher \ FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C: \ Windows \ system32 \ TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C: \ Program Files \ TOSHIBA \ Power Saver \ TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c: \ Program Files \ Toshiba \ Bluetooth Toshiba Stack \ TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Program Files \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe

--
Fine del file - 14403 bytes

I'm going to add a couple of logs from other programs too:

A-Squared

a-squared Anti-Malware - Versione 3.1
Ultimo aggiornamento: 31/01/2008 01:16:41

Impostazioni di scansione:

Oggetti: Memoria, Tracce, Cookies, C: \, E: \
Scansione degli archivi: Il
Euristica: Il
ADS Scan: On

Scan inizio: 31/01/2008 01:46:59

C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 43 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 72 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 80 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 161 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 162 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 167 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 181 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 210 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 282 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 283 rilevati: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 338 rilevati: Trace.TrackingCookie
C: \ Program Files \ DarkandLight \ Launcher.exe rilevati: Trojan-Spy.Win32.Banker.gez

Scanned

File: 160756
Tracce: 296173
Cookie: 381
Processi: 87

Trovato

File: 1
Tracce: 0
Cookie: 11
Processi: 0
Chiavi di registro: 0

Scan fine: 31/01/2008 04:13:41
Tempo di scansione: 2:26:42

C: \ Program Files \ DarkandLight \ Launcher.exe eliminato: Trojan-Spy.Win32.Banker.gez
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 43 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 72 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 80 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 161 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 162 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 167 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 181 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 210 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 282 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 283 soppresso: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro file \ xqe1wgaj.default \ cookies.txt: 338 soppresso: Trace.TrackingCookie

soppresso:

File: 1
Tracce: 0
Cookie: 11

When I use Spybot-S&D I keep getting the same problem.

  #2  
31 Jan 2008, 08:24
Group Moderator

Welcome to TCF.

Download SmitfraudFix (by S!Ri) to your desktop.
  • Extract all the files to your desktop.
  • A folder named SmitfraudFix will be created on your desktop.

READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions you may have before you start.

You may want to print these instructions, or copy and paste them into Notepad and save them to your desktop, as you will not be able to view this page in Safe Mode.
  • Please reboot your computer in Safe Mode by tapping the F8 key just before Windows loads and selecting Safe Mode.
  • Open the SmitfraudFix folder on your desktop, then double-click the smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and pressing Enter.
  • The program will begin cleaning your computer and go through a series of cleaning processes. Wait for the tool to complete and for disk cleanup to finish.
    • This process may take some time depending on your computer; please be patient.
  • When it is complete, it will close automatically and you should continue with the next step.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer by typing Y and pressing Enter.
  • The tool will also check whether wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file.
  • Answer the question "Replace infected file?" by typing Y and pressing Enter.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested step:
  • To restore the Trusted and Restricted site zones, select 3 and press Enter.
  • You will be prompted: "Restore Trusted Zone?" Answer Y (yes) and press Enter to delete the trusted zone.
  • Now reboot into normal mode and post this new rapport.txt in your next post.
  • WARNING: Running this option on an infected computer will not remove the desktop background. So run it only once!
----------

Next, run a new HijackThis scan and post the log.

----------

In your next post, include:
SmitfraudFix log
New HijackThis log
