#1
Junior Member
Joined: Feb 2002
Posts: 19

Offer Optimizer and popups: HELP!!!

Hi everyone.
I'm infested with Offer Optimizer, which opens a "search:" window every time I browse from Google. This is the log with Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 18.46.19, on 12/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Trust\240T\mouse32a.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Program Files\Vndsd\Pmfjn.exe
C:\WINDOWS\atlhg32.exe
D:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\palmOne\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\apilt32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
E:\Programmi\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9B7C2335-0843-5E5B-788F-008A17712626} - C:\WINDOWS\system32\systi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\240T\\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Edspycez] C:\Program Files\Vndsd\Pmfjn.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programmi\Bouncer\liveupdate.exe 110
O4 - HKLM\..\Run: [atlhg32.exe] C:\WINDOWS\atlhg32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Programmi\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qzom] C:\PROGRA~1\COMMON~1\qzom\qzomm.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\palmOne\HOTSYNC.EXE
O4 - Startup: StarModem ADSL USB MODEM.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://activex.microsoft.com/control...86/ietimer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87DF973F-7B39-4ECC-B3BF-02C0B0C45318}: NameServer = 193.70.152.15 193.70.152.25
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

What do I do? Help me... please... (I've tried all the antispyware and malware tools in the world...)

Fuxas

#2
Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

Download CWShredder from here:
http://castlecops.com/downloads-cat-14.html

Disable "System Restore".
Reboot in safe mode.
Fix the following lines (note that I'm asking you to remove DAP, which is a known spyware; if you don't want to remove it, ignore the lines containing the name DAP):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Edspycez] C:\Program Files\Vndsd\Pmfjn.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programmi\Bouncer\liveupdate.exe 110
O4 - HKLM\..\Run: [atlhg32.exe] C:\WINDOWS\atlhg32.exe
O4 - HKCU\..\Run: [qzom] C:\PROGRA~1\COMMON~1\qzom\qzomm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-24.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://activex.microsoft.com/contro...x86/ietimer.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe

Delete the directories:
C:\PROGRA~1\DAP (if you want to remove DAP)
C:\PROGRA~1\COMMON~1\qzom\

Delete the files:
C:\Program Files\Vndsd\Pmfjn.exe
C:\Programmi\Bouncer\liveupdate.exe 110
C:\WINDOWS\atlhg32.exe

All of this IMHO.
Restart in normal mode.
Post the HijackThis log again.

Bye

#3
Junior Member
Joined: Feb 2002
Posts: 19

Hi.
This is the Hijack log after following your advice. Unfortunately the popup is still there... But when should I run the Cwshredder program? Before fixing the lines with Hijack, right?

Logfile of HijackThis v1.99.1
Scan saved at 1.55.08, on 13/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\apilt32.exe
C:\WINDOWS\system32\netja.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Trust\240T\mouse32a.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
D:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\palmOne\HOTSYNC.EXE
E:\Programmi\Antivirus\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9B7C2335-0843-5E5B-788F-008A17712626} - C:\WINDOWS\system32\systi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\240T\\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [netja.exe] C:\WINDOWS\system32\netja.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Manager HotSync.lnk = C:\Programmi\palmOne\HOTSYNC.EXE
O4 - Startup: StarModem ADSL USB MODEM.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

#4
Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

Download Mwav.exe from here:
http://channels.lockergnome.com/wind...rus_tool.phtml

Safe mode as usual.
Run Cwshredder.
To fix:

O2 - BHO: Class - {9B7C2335-0843-5E5B-788F-008A17712626} - C:\WINDOWS\system32\systi.dll
O4 - HKLM\..\Run: [netja.exe] C:\WINDOWS\system32\netja.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe

Delete the files:
system32\systi.dll
C:\WINDOWS\system32\netja.exe
C:\WINDOWS\system32\apilt32.exe

Launch Mwav.exe (double-click the .zip file).
Save the report from the lower pane.
Post the HijackThis report and the one from the lower pane of Mwav.exe.

Bye

#6
Junior Member
Joined: Feb 2002
Posts: 19

Hi. I did everything you asked.
Below is the Hijack log. The MWA one is extremely long; I don't know if I can post it here. Let me know if I can send it to you privately. Anyway, it found a good 51 viruses, trojans and the like, and 80 errors....

Logfile of HijackThis v1.99.1
Scan saved at 9.19.39, on 13/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
E:\Programmi\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\240T\\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Manager HotSync.lnk = C:\Programmi\palmOne\HOTSYNC.EXE
O4 - Startup: StarModem ADSL USB MODEM.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

#7
Senior Member
Joined: May 2005
City: Bari (but I'd like to live in Paris...)
Posts: 821

Check this one; is it a proxy you have?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080

Definitely fix:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe (file missing)

Then uninstall DAP, which is known as spyware, and fix all the entries related to it.
__________________
I only make friends with friendly, nice people; if you're not, click here, but visit My Site

#8
Senior Member
Joined: Sep 2004
City: Prov. Novara/Palmdale
Posts: 5228

Last edited by SkunkWorks 68: 13-06-2005 at 10:23.

#10
Junior Member
Joined: Feb 2002
Posts: 19

Shh... it seems that now, with your advice, everything works...
I'm left with only the following entry which, even though I fix it, reappears as soon as I rescan (even though I deleted the file):

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe (file missing)

Who knows why!
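
The comparison the thread does by eye between successive scans, as an added example (not part of any post and not HijackThis code): this Python sketch parses two scans and reports which entries were removed, added or still persist, and which of the remaining ones point at a missing file, as with the O23 line in post #10. The sample entries are excerpted from the logs in posts #3 and #6 with the garbled service-name bytes omitted, and the function names are illustrative.

```python
import re

# Constructed sample: entries excerpted from the scans in posts #3 and #6
# (the garbled bytes in the O23 service name are omitted).
SCAN_POST3 = r"""
O2 - BHO: Class - {9B7C2335-0843-5E5B-788F-008A17712626} - C:\WINDOWS\system32\systi.dll
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [netja.exe] C:\WINDOWS\system32\netja.exe
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\system32\apilt32.exe
"""
SCAN_POST6 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\system32\apilt32.exe (file missing)
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
# Splitting on the code rather than on newlines also handles logs whose line
# breaks were lost when pasted into a forum post.
ENTRY_START = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$", re.S)
MISSING = " (file missing)"


def parse(log):
    """Map (code, body) -> True when HijackThis marked the target as missing."""
    entries = {}
    for chunk in ENTRY_START.split(log.strip()):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue  # header, process list or other non-entry text
        code, body = m.group(1), " ".join(m.group(2).split())
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        entries[(code, body)] = missing
    return entries


def compare(before, after):
    """Diff two scans; 'orphaned' = still registered but target file is gone."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "persisting": sorted(set(a) & set(b)),
        "orphaned": sorted(k for k, missing in a.items() if missing),
    }


if __name__ == "__main__":
    for label, items in compare(SCAN_POST3, SCAN_POST6).items():
        print(label.upper())
        for code, body in items:
            print(f"  {code} - {body}")
```

An entry that is both persisting and orphaned is one whose registration survived the deletion of its file, which is why it keeps showing up in every new scan.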

#12
Banned
Joined: Mar 2004
City: Galapagos. Warning: flatulent user, keep that in mind
Posts: 28978

C:\PROGRA~1\DAP\DAP.EXE
uninstall

C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
remove the autorun

C:\Programmi\ClamWin\bin\ClamTray.exe
same as above, since it has no real-time scan

C:\WINDOWS\atlhg32.exe
C:\WINDOWS\system32\apilt32.exe
malware

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
edit it, enter the proxy server's IP number

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {9B7C2335-0843-5E5B-788F-008A17712626} - C:\WINDOWS\system32\systi.dll
search for this file manually and delete it

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
useless

O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
uninstall

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
same as above

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
remove

O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
malware

O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
useless

O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programmi\Bouncer\liveupdate.exe 110
fix

O4 - HKLM\..\Run: [atlhg32.exe] C:\WINDOWS\atlhg32.exe
malware

O4 - HKCU\..\Run: [qzom] C:\PROGRA~1\COMMON~1\qzom\qzomm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\a32gl.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apilt32.exe
and install that damned Service Pack 2

#13
Senior Member
Joined: May 2005
City: Bari (but I'd like to live in Paris...)
Posts: 821

but you're right

#16
Senior Member
Joined: Dec 2004
City: Magenta (MI)
Posts: 1513

By now Service Pack 2 is fundamental for security and absolutely must be installed, together with all the latest Microsoft patches.

All times are GMT +1. The time now is 10:35.