check after virus cleaning


  • This topic is locked
9 replies to this topic

#1 pasavign

pasavign

    New Member

  • New Member
  • Pip
  • 5 posts
  • Interests:Computer graphics, Web Design, Drawing.

Posted 03 April 2006 - 10:17 AM

I have been infected by the virus Downloader.Tibs.
The virus has been eliminated.
I would like to check that everything has been cleaned up.
Below is the HijackThis log.
In particular, the key:

O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
refers to the application "taskdir.exe", which was the infected one.

Can someone help me?
Thanks


------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2.41.40, on 03/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Webshots\webshots.scr
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.multimediaworks.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Coca-Cola Music Shop Mediabar) - http://sib1.od2.com/...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{18398AAC-C09D-404A-B55F-7E9E210A7148}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{18398AAC-C09D-404A-B55F-7E9E210A7148}: NameServer = 213.205.32.70 213.205.36.70
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

Edited by pasavign, 03 April 2006 - 10:18 AM.
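An added example (not part of the original thread, and not HijackThis's own code): a small parser for the log layout shown in the post above. It lists O4 Run values whose executable does not appear under "Running processes", plus BHO/toolbar entries marked "(no file)". The sample log is a constructed excerpt made of lines from that post, and all function names are hypothetical.

```python
import ntpath
import re

# Constructed excerpt: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
"""

# "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
# O2/O3 entries whose registered file is gone are printed with "(no file)".
ORPHAN_RE = re.compile(
    r'^(O2 - BHO|O3 - Toolbar): .* - (\{[0-9A-Fa-f-]+\}) - \(no file\)$')
# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension instead of at the first space.
EXE_RE = re.compile(r'(.+?\.(?:exe|dll|scr|com|bat))(?=[\s,]|$)', re.I)


def running_processes(log):
    """Lower-cased file names listed under 'Running processes:'."""
    names, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            names.add(ntpath.basename(line).lower())
    return names


def executable_of(command):
    """File name of the program a Run command line starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(command)
        path = m.group(1) if m else command.split()[0]
    return ntpath.basename(path).lower()


def run_entries(log):
    """All O4 registry Run/RunOnce values as dictionaries."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "command": command,
                            "exe": executable_of(command)})
    return entries


def stale_autoruns(log):
    """Run values whose program is not among the running processes.

    This only yields candidates: a program may have started and exited
    normally, so each hit still has to be checked on disk.
    """
    running = running_processes(log)
    return [e for e in run_entries(log) if e["exe"] not in running]


def orphaned_entries(log):
    """CLSIDs of BHO/toolbar entries that point to a missing file."""
    matches = (ORPHAN_RE.match(l.strip()) for l in log.splitlines())
    return [m.group(2) for m in matches if m]


if __name__ == "__main__":
    for e in stale_autoruns(SAMPLE_LOG):
        print("not running:", e["hive"], e["key"], e["name"], e["command"])
    for clsid in orphaned_entries(SAMPLE_LOG):
        print("no file:", clsid)
```

On the excerpt this reports the `taskdir` value named in the post and the `MSKAGENTEXE` value as not running, which fits a Run value left behind after its file was removed but does not prove it.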


#2 pasavign


Posted 03 April 2006 - 02:36 PM

Can nobody help me? :huh:

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 April 2006 - 06:09 AM

Hello pasavign, welcome to the TC.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the results from the Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#4 pasavign


Posted 05 April 2006 - 02:36 PM

First of all, thanks for the aid.

Below is the Spy Sweeper log...
********
19.43: | Start of Session, mercoledì 5 aprile 2006 |
19.43: Spy Sweeper started
19.43: Sweep initiated using definitions version 649
19.43: Starting Memory Sweep
19.45: Memory Sweep Complete, Elapsed Time: 00.02.37
19.45: Starting Registry Sweep
19.45: Found Adware: cws_analyzeie
19.45: HKCR\ietlbass.domp.1\ (3 subtraces) (ID = 116881)
19.45: HKLM\software\classes\ietlbass.domp.1\ (3 subtraces) (ID = 116902)
19.45: Found Adware: cws_analyzeie default.home hijacker
19.45: HKU\WRSS_Profile_S-1-5-21-1202660629-2049760794-682003330-1006\software\microsoft\internet explorer\main\ || start page (ID = 116863)
19.45: HKU\S-1-5-21-1202660629-2049760794-682003330-1004\software\microsoft\windows\currentversion\run\ || msmsgsvc (ID = 116935)
19.45: Registry Sweep Complete, Elapsed Time:00.00.12
19.45: Starting Cookie Sweep
19.45: Found Spy Cookie: statcounter cookie
19.45: liana@statcounter[1].txt (ID = 3447)
19.45: Found Spy Cookie: 2o7.net cookie
19.45: liana@2o7[2].txt (ID = 1957)
19.45: Found Spy Cookie: mediaplex cookie
19.45: liana@mediaplex[1].txt (ID = 6442)
19.45: Found Spy Cookie: tripod cookie
19.45: liana@tripod[1].txt (ID = 3591)
19.45: Found Spy Cookie: realmedia cookie
19.45: liana@realmedia[1].txt (ID = 3235)
19.45: Found Spy Cookie: atlas dmt cookie
19.45: liana@atdmt[2].txt (ID = 2253)
19.45: Found Spy Cookie: yieldmanager cookie
19.45: liana@ad.yieldmanager[2].txt (ID = 3751)
19.45: Found Spy Cookie: adtech cookie
19.45: liana@adtech[2].txt (ID = 2155)
19.45: Found Spy Cookie: tribalfusion cookie
19.45: paolo@tribalfusion[2].txt (ID = 3589)
19.45: Found Spy Cookie: ads.tripod.lycos.com cookie
19.45: paolo@ads.tripod.lycos[2].txt (ID = 2133)
19.45: Found Spy Cookie: qksrv cookie
19.45: paolo@qksrv[2].txt (ID = 3213)
19.45: Found Spy Cookie: bravenet cookie
19.45: paolo@bravenet[2].txt (ID = 2322)
19.45: Found Spy Cookie: advertising cookie
19.45: paolo@advertising[1].txt (ID = 2175)
19.45: paolo@mediaplex[3].txt (ID = 6442)
19.45: Found Spy Cookie: zedo cookie
19.45: paolo@zedo[2].txt (ID = 3762)
19.45: Found Spy Cookie: falkag cookie
19.45: paolo@a.as-us.falkag[2].txt (ID = 2650)
19.45: Found Spy Cookie: a cookie
19.45: paolo@a[1].txt (ID = 2027)
19.45: Found Spy Cookie: atwola cookie
19.45: paolo@atwola[1].txt (ID = 2255)
19.45: Found Spy Cookie: sextracker cookie
19.45: paolo@counter9.sextracker[1].txt (ID = 3362)
19.45: Found Spy Cookie: bpath cookie
19.45: paolo@ads20.bpath[5].txt (ID = 2321)
19.45: Found Spy Cookie: servedby advertising cookie
19.45: paolo@servedby.advertising[2].txt (ID = 3335)
19.45: Found Spy Cookie: aff.oddcast cookie
19.45: paolo@aff.oddcast[2].txt (ID = 2205)
19.45: Found Spy Cookie: kinghost cookie
19.45: paolo@kinghost[1].txt (ID = 2903)
19.45: Found Spy Cookie: go.com cookie
19.45: paolo@go[1].txt (ID = 2728)
19.45: Found Spy Cookie: did-it cookie
19.45: paolo@did-it[2].txt (ID = 2523)
19.45: paolo@2o7[2].txt (ID = 1957)
19.45: paolo@mediaplex[1].txt (ID = 6442)
19.45: paolo@ads20.bpath[2].txt (ID = 2321)
19.45: Found Spy Cookie: servlet cookie
19.45: paolo@servlet[1].txt (ID = 3345)
19.45: Found Spy Cookie: serving-sys cookie
19.45: paolo@serving-sys[1].txt (ID = 3343)
19.45: Found Spy Cookie: overture cookie
19.45: paolo@overture[2].txt (ID = 3105)
19.45: paolo@atdmt[2].txt (ID = 2253)
19.45: paolo@overture[4].txt (ID = 3105)
19.45: Found Spy Cookie: rb4.ampland cookie
19.45: paolo@rb4.ampland[1].txt (ID = 3229)
19.45: paolo@as1.falkag[1].txt (ID = 2650)
19.45: Found Spy Cookie: counter cookie
19.45: paolo@counter[1].txt (ID = 2477)
19.45: Found Spy Cookie: bizrate cookie
19.45: paolo@bizrate[2].txt (ID = 2308)
19.45: Found Spy Cookie: adviva cookie
19.45: paolo@adviva[2].txt (ID = 2177)
19.45: Found Spy Cookie: commission junction cookie
19.45: paolo@commission-junction[1].txt (ID = 2455)
19.45: paolo@qksrv[3].txt (ID = 3213)
19.45: paolo@mediaplex[2].txt (ID = 6442)
19.45: paolo@www.go[1].txt (ID = 2729)
19.45: paolo@eval.bizrate[1].txt (ID = 2309)
19.45: paolo@ads.tripod.lycos[3].txt (ID = 2133)
19.45: paolo@as-us.falkag[1].txt (ID = 2650)
19.45: Found Spy Cookie: adrevolver cookie
19.45: paolo@adrevolver[2].txt (ID = 2088)
19.45: Found Spy Cookie: fastclick cookie
19.45: paolo@fastclick[1].txt (ID = 2651)
19.45: Found Spy Cookie: frenchcum cookie
19.45: paolo@www.frenchcum[2].txt (ID = 2707)
19.45: paolo@rb4.ampland[3].txt (ID = 3229)
19.45: Found Spy Cookie: xiti cookie
19.45: paolo@xiti[1].txt (ID = 3717)
19.45: paolo@realmedia[2].txt (ID = 3235)
19.45: paolo@bravenet[1].txt (ID = 2322)
19.45: Found Spy Cookie: questionmarket cookie
19.45: paolo@questionmarket[2].txt (ID = 3217)
19.45: Found Spy Cookie: webtrendslive cookie
19.45: paolo@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
19.45: Found Spy Cookie: 190dotcom cookie
19.45: paolo@190[1].txt (ID = 1935)
19.45: paolo@ads20.bpath[1].txt (ID = 2321)
19.45: Found Spy Cookie: ccbill cookie
19.45: paolo@ccbill[2].txt (ID = 2369)
19.45: paolo@2o7[1].txt (ID = 1957)
19.45: Found Spy Cookie: server.iad.liveperson cookie
19.45: paolo@server.iad.liveperson[2].txt (ID = 3341)
19.45: paolo@spms.bpath[1].txt (ID = 2321)
19.45: Found Spy Cookie: www.mature-post cookie
19.45: paolo@www.mature-post[1].txt (ID = 3703)
19.45: Found Spy Cookie: tradedoubler cookie
19.45: paolo@tradedoubler[2].txt (ID = 3575)
19.45: paolo@overture[3].txt (ID = 3105)
19.45: Found Spy Cookie: casalemedia cookie
19.45: paolo@casalemedia[1].txt (ID = 2354)
19.45: paolo@adtech[2].txt (ID = 2155)
19.45: Found Spy Cookie: apmebf cookie
19.45: paolo@apmebf[2].txt (ID = 2229)
19.45: paolo@commission-junction[3].txt (ID = 2455)
19.45: paolo@ads20.bpath[3].txt (ID = 2321)
19.45: paolo@spms.bpath[3].txt (ID = 2321)
19.45: Found Spy Cookie: onestat.com cookie
19.45: paolo@stat.onestat[1].txt (ID = 3098)
19.45: Found Spy Cookie: touchclarity cookie
19.45: paolo@fiat.touchclarity[1].txt (ID = 3566)
19.45: Found Spy Cookie: gator cookie
19.45: paolo@gator[2].txt (ID = 2722)
19.45: paolo@realmedia[1].txt (ID = 3235)
19.45: paolo@xiti[3].txt (ID = 3717)
19.45: paolo@www.frenchcum[4].txt (ID = 2707)
19.45: paolo@bizrate[1].txt (ID = 2308)
19.45: paolo@servedby.advertising[3].txt (ID = 3335)
19.45: paolo@2o7[3].txt (ID = 1957)
19.45: paolo@bravenet[3].txt (ID = 2322)
19.45: paolo@www.frenchcum[3].txt (ID = 2707)
19.45: Found Spy Cookie: xxxcounter cookie
19.45: paolo@xxxcounter[1].txt (ID = 3733)
19.45: paolo@questionmarket[3].txt (ID = 3217)
19.45: Found Spy Cookie: www.club-nikki cookie
19.45: paolo@www.club-nikki[1].txt (ID = 2420)
19.45: paolo@counter2.sextracker[1].txt (ID = 3362)
19.45: Found Spy Cookie: maximumcash cookie
19.45: paolo@www.maximumcash[1].txt (ID = 2962)
19.45: paolo@fastclick[2].txt (ID = 2651)
19.45: paolo@server.iad.liveperson[3].txt (ID = 3341)
19.45: paolo@as-eu.falkag[3].txt (ID = 2650)
19.45: paolo@sel.as-eu.falkag[1].txt (ID = 2650)
19.45: paolo@server.iad.liveperson[1].txt (ID = 3341)
19.45: paolo@xiti[2].txt (ID = 3717)
19.45: paolo@atdmt[1].txt (ID = 2253)
19.45: paolo@serving-sys[2].txt (ID = 3343)
19.45: paolo@servedby.advertising[6].txt (ID = 3335)
19.45: Found Spy Cookie: adserver cookie
19.45: paolo@z1.adserver[1].txt (ID = 2142)
19.45: paolo@2o7[7].txt (ID = 1957)
19.45: paolo@statcounter[2].txt (ID = 3447)
19.45: paolo@advertising[3].txt (ID = 2175)
19.45: paolo@as1.falkag[2].txt (ID = 2650)
19.45: paolo@overture[5].txt (ID = 3105)
19.45: paolo@ads20.bpath[4].txt (ID = 2321)
19.45: Found Spy Cookie: bluestreak cookie
19.45: paolo@bluestreak[1].txt (ID = 2314)
19.45: paolo@mediaplex[4].txt (ID = 6442)
19.45: paolo@ads43.bpath[2].txt (ID = 2321)
19.45: paolo@statse.webtrendslive[2].txt (ID = 3667)
19.45: paolo@casalemedia[3].txt (ID = 2354)
19.45: paolo@fastclick[6].txt (ID = 2651)
19.45: Found Spy Cookie: maxserving cookie
19.45: paolo@maxserving[1].txt (ID = 2966)
19.45: paolo@tripod[2].txt (ID = 3591)
19.45: paolo@advertising[2].txt (ID = 2175)
19.45: paolo@server.iad.liveperson[6].txt (ID = 3341)
19.45: Found Spy Cookie: revenue.net cookie
19.45: paolo@revenue[1].txt (ID = 3257)
19.45: Found Spy Cookie: belnk cookie
19.45: paolo@belnk[1].txt (ID = 2292)
19.45: paolo@dist.belnk[2].txt (ID = 2293)
19.45: paolo@fastclick[3].txt (ID = 2651)
19.45: paolo@www.mature-post[2].txt (ID = 3703)
19.45: paolo@casalemedia[5].txt (ID = 2354)
19.46: Found Spy Cookie: engage cookie
19.46: paolo@engage.everyone[1].txt (ID = 2611)
19.46: paolo@dcsgcxwngpifwznfzlmv83o6w_5w4m[2].txt (ID = 3674)
19.46: paolo@questionmarket[1].txt (ID = 3217)
19.46: paolo@servedby.advertising[1].txt (ID = 3335)
19.46: paolo@atdmt[3].txt (ID = 2253)
19.46: paolo@sento.122.2o7[1].txt (ID = 1958)
19.46: paolo@2o7[4].txt (ID = 1957)
19.46: Found Spy Cookie: mrskin cookie
19.46: paolo@mrskin[1].txt (ID = 3020)
19.46: paolo@tradedoubler[1].txt (ID = 3575)
19.46: paolo@as-us.falkag[3].txt (ID = 2650)
19.46: paolo@www.mrskin[2].txt (ID = 3021)
19.46: paolo@bravenet[5].txt (ID = 2322)
19.46: paolo@aolfr.122.2o7[1].txt (ID = 1958)
19.46: Found Spy Cookie: cnt cookie
19.46: paolo@cnt[1].txt (ID = 2422)
19.46: Found Spy Cookie: weborama cookie
19.46: paolo@weborama[2].txt (ID = 3658)
19.46: paolo@www.club-nikki[2].txt (ID = 2420)
19.46: paolo@servlet[2].txt (ID = 3345)
19.46: Found Spy Cookie: sex cookie
19.46: paolo@sex[2].txt (ID = 3347)
19.46: paolo@bravenet[6].txt (ID = 2322)
19.46: Found Spy Cookie: exitexchange cookie
19.46: paolo@exitexchange[1].txt (ID = 2633)
19.46: Found Spy Cookie: inet-traffic.com cookie
19.46: paolo@inet-traffic[1].txt (ID = 2855)
19.46: paolo@exchange.bravenet[1].txt (ID = 2323)
19.46: paolo@advertising[4].txt (ID = 2175)
19.46: paolo@fastclick[4].txt (ID = 2651)
19.46: paolo@statse.webtrendslive[1].txt (ID = 3667)
19.46: Found Spy Cookie: humanclick cookie
19.46: paolo@hc2.humanclick[2].txt (ID = 2810)
19.46: Found Spy Cookie: ask cookie
19.46: paolo@web.ask[2].txt (ID = 2246)
19.46: paolo@zedo[3].txt (ID = 3762)
19.46: paolo@tripod[1].txt (ID = 3591)
19.46: Found Spy Cookie: burstnet cookie
19.46: paolo@burstnet[2].txt (ID = 2336)
19.46: paolo@z1.adserver[3].txt (ID = 2142)
19.46: paolo@servedby.advertising[4].txt (ID = 3335)
19.46: paolo@ask[1].txt (ID = 2245)
19.46: Found Spy Cookie: seeq cookie
19.46: paolo@seeq[1].txt (ID = 3331)
19.46: paolo@server.iad.liveperson[5].txt (ID = 3341)
19.46: Found Spy Cookie: freefind.com cookie
19.46: paolo@freefind[2].txt (ID = 2698)
19.46: Found Spy Cookie: rednova cookie
19.46: paolo@rednova[1].txt (ID = 3245)
19.46: paolo@counter12.sextracker[1].txt (ID = 3362)
19.46: paolo@2o7[6].txt (ID = 1957)
19.46: Found Spy Cookie: xxx69 cookie
19.46: paolo@www.xxx69[2].txt (ID = 3732)
19.46: paolo@casalemedia[2].txt (ID = 2354)
19.46: paolo@www.seeq[1].txt (ID = 3332)
19.46: paolo@www48.seeq[1].txt (ID = 3332)
19.46: paolo@questionmarket[4].txt (ID = 3217)
19.46: Found Spy Cookie: pricegrabber cookie
19.46: paolo@pricegrabber[2].txt (ID = 3185)
19.46: paolo@atwola[3].txt (ID = 2255)
19.46: paolo@serving-sys[4].txt (ID = 3343)
19.46: paolo@as1.falkag[3].txt (ID = 2650)
19.46: Found Spy Cookie: adultfriendfinder cookie
19.46: paolo@adultfriendfinder[1].txt (ID = 2165)
19.46: paolo@as-eu.falkag[1].txt (ID = 2650)
19.46: Found Spy Cookie: paycounter cookie
19.46: paolo@paycounter[2].txt (ID = 3115)
19.46: Found Spy Cookie: sexlist cookie
19.46: paolo@sexlist[2].txt (ID = 3353)
19.46: paolo@190[3].txt (ID = 1935)
19.46: paolo@tradedoubler[3].txt (ID = 3575)
19.46: paolo@S111319[2].txt (ID = 3670)
19.46: paolo@statcounter[1].txt (ID = 3447)
19.46: Found Spy Cookie: excite cookie
19.46: paolo@excite[2].txt (ID = 2631)
19.46: paolo@www.mature-post[3].txt (ID = 3703)
19.46: paolo@S111319[1].txt (ID = 3670)
19.46: paolo@dcsgcxwngpifwznfzlmv83o6w_5w4m[2].txt (ID = 3674)
19.46: Cookie Sweep Complete, Elapsed Time: 00.00.04
19.46: Warning: Failed to open file "c:\pagefile.sys". Accesso negato
19.46: Starting File Sweep
19.46: Warning: Failed to open file "c:\hiberfil.sys". Accesso negato
19.46: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\networkservice\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\networkservice\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs070222bc-50a7-4ac0-be4e-015422965b89.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscse219e27a-0244-421a-ad99-9d757c1edd31.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsb542efcf-4628-451c-97e1-570b81a967f3.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs4797de48-d5b9-4811-8ef0-b4a080b66f2a.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscseaa154ad-fcc4-452f-95d0-ed84eb8830e9.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs64b68b8b-ec41-498c-963d-88c058babf94.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs80291258-b93f-413e-8dd4-a582c5c18cf6.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsd626b47b-c774-4f77-b157-402c3598227e.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsa3a77565-0bbd-4674-bacf-8b50a935dacc.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs53550af5-7a64-42bb-adfa-85cb76fbbd2e.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs4760380d-31b6-434b-9fa4-1e101231b36c.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs0c6b6ceb-218a-43f1-9286-c31ea25cb2ef.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscse0fbc38b-ba40-4bdf-a10b-d430587f9646.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs56d7124b-df05-4e3e-af8a-2b0eae0bb4fa.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs84b95827-5a19-4ba8-b83d-4b4fae522d8a.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs53a39cf3-46e6-4c1d-a275-d5ae56d9727b.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs538faf94-b85c-4e91-8fa2-59178545872a.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs8f792dd6-63e9-4855-8c94-a8f8eae46ba8.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs93f7375f-71d1-4e2b-8b6a-2263fdce4acd.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs8f268da6-9fbb-4d04-9de1-4a638f2614d0.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs838cde0e-3390-43a7-ac90-7e53ab89cae4.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs9c0cf8fc-27eb-4916-8dc9-e80eb7059106.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs6dae6cb1-d168-45bd-b6ee-108534787cee.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs419a282f-143c-49c8-b040-d43d4e62b502.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs3f83f92a-e05b-40f9-941e-ce31458cfd5f.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs3c80b984-4390-40b3-a83a-2204367120e2.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs62a7a50d-2946-479b-af53-4bfde123cf02.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs1b6d790e-347a-4a9f-9976-b7123cae44eb.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs567d5199-c059-4fe3-807a-694502d4a619.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs4f52abd2-8569-437d-8091-9a2a0dd254c1.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs1bbf788f-fe70-4cc4-9c49-3b9859af0367.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs56886a14-0b83-44c6-8b84-adfa58189e48.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs64cb07bd-2aa2-4b5a-a712-e42349dd1610.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscscf18ab31-07f0-43cf-9723-7c08282be9c8.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs4a7a43aa-611a-4b26-839a-b9610160a5f4.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs0d8ea370-f95d-49e8-bde3-4be54c854c10.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs6cb1e51d-180b-495c-9b5d-5259373797ae.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs0a7be849-721d-419d-89d6-261e85aa81bb.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs1ef7ec5a-4a24-4adb-bc37-25907546e295.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsdab8edc6-2208-410a-b3e3-c6170feb68b8.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs40506de0-a5f1-4cee-a499-4dd394b8f9c0.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscscb94624c-767e-41b6-a4ce-d8487a344519.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscseb1e704d-6b93-491f-b503-e13b6b0b62d8.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsec08879b-945f-4c46-b8e2-f31cd4d4bfb6.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs8f7fc8f6-670c-4768-92c9-02e25bca1d97.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs31716412-4666-4eda-adde-858738da5593.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs01128bec-498a-4a2d-a95d-f3a45a8568d1.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsb51378ab-82b9-47f8-a054-0f3c4a4d3c43.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs4a7ce09b-0658-4c67-a983-875685392d1d.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs70975f37-fd8e-428d-b935-3dbbbc10b693.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs23603be1-ef3d-4794-9438-379365968e57.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs02d5e4c3-368b-454a-963b-cc7b2a3b2d31.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs2f91e66c-bd6e-4c32-b862-f85c5769f8cb.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsa20cecf8-4f77-497f-98ab-f07397d990e6.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs56b54342-6f71-41e5-8a42-16e7f99c197e.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs15065d5f-e377-46de-a2cf-8da47a5f4bea.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscsee3984ed-edd6-466d-a2be-c41a492cc3da.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\localservice\dati applicazioni\webroot\spy sweeper\temp\sscs138404b4-aa01-4f77-a35f-9029fd12ee73.tmp". Impossibile accedere al file. Il file č utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\paolo\ntuser.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.46: Warning: Failed to open file "c:\documents and settings\paolo\ntuser.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.52: Warning: Failed to open file "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.52: Warning: Failed to open file "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\microsoft\windows\usrclass.dat.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
19.53: Warning: Failed to open file "c:\documents and settings\paolo\preferiti\paolo\fumetti\actualité de la bande dessinée univers bd, le magazine 100% bande dessin?e.url". La sintassi del nome del file, della directory o del volume è incorretta
20.05: Found Trojan Horse: trojan-backdoor-securemulti
20.05: taskdir.dll (ID = 271080)
20.06: Warning: Failed to open file "c:\windows\system32\config\system.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\software.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\default.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\sam.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\security.log". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\default". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\security". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\software". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\system". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.06: Warning: Failed to open file "c:\windows\system32\config\sam". Impossibile accedere al file. Il file è utilizzato da un altro processo
20.26: voblaizdupla.exe (ID = 271694)
20.29: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{eb9ae81f-99c8-48db-8a28-3aadaa66db6b}.bin". Impossibile accedere al file. Il file è utilizzato da un altro processo
21.00: taskdir.dll (ID = 271080)
21.00: voblaizdupla.exe (ID = 271694)
21.03: Warning: Unhandled Archive Type
21.03: Warning: Invalid Stream
21.03: Warning: Invalid Stream
21.03: Warning: Unhandled Archive Type
21.03: Warning: Unhandled Archive Type
21.14: Warning: Unhandled Archive Type
21.21: Warning: Unhandled Archive Type
21.55: File Sweep Complete, Elapsed Time: 02.09.04
21.55: Full Sweep has completed. Elapsed time 01.21.41
21.55: Traces Found: 191
21.56: Removal process initiated
21.56: Quarantining All Traces: cws_analyzeie
21.56: Quarantining All Traces: trojan-backdoor-securemulti
21.56: Quarantining All Traces: cws_analyzeie default.home hijacker
21.56: Quarantining All Traces: 190dotcom cookie
21.56: Quarantining All Traces: 2o7.net cookie
21.56: Quarantining All Traces: a cookie
21.56: Quarantining All Traces: adrevolver cookie
21.56: Quarantining All Traces: ads.tripod.lycos.com cookie
21.56: Quarantining All Traces: adserver cookie
21.56: Quarantining All Traces: adtech cookie
21.56: Quarantining All Traces: adultfriendfinder cookie
21.56: Quarantining All Traces: advertising cookie
21.56: Quarantining All Traces: adviva cookie
21.56: Quarantining All Traces: aff.oddcast cookie
21.56: Quarantining All Traces: apmebf cookie
21.56: Quarantining All Traces: ask cookie
21.56: Quarantining All Traces: atlas dmt cookie
21.56: Quarantining All Traces: atwola cookie
21.56: Quarantining All Traces: belnk cookie
21.56: Quarantining All Traces: bizrate cookie
21.56: Quarantining All Traces: bluestreak cookie
21.56: Quarantining All Traces: bpath cookie
21.56: Quarantining All Traces: bravenet cookie
21.56: Quarantining All Traces: burstnet cookie
21.56: Quarantining All Traces: casalemedia cookie
21.56: Quarantining All Traces: ccbill cookie
21.56: Quarantining All Traces: cnt cookie
21.56: Quarantining All Traces: commission junction cookie
21.56: Quarantining All Traces: counter cookie
21.56: Quarantining All Traces: did-it cookie
21.56: Quarantining All Traces: engage cookie
21.56: Quarantining All Traces: excite cookie
21.56: Quarantining All Traces: exitexchange cookie
21.56: Quarantining All Traces: falkag cookie
21.56: Quarantining All Traces: fastclick cookie
21.56: Quarantining All Traces: freefind.com cookie
21.56: Quarantining All Traces: frenchcum cookie
21.56: Quarantining All Traces: gator cookie
21.56: Quarantining All Traces: go.com cookie
21.56: Quarantining All Traces: humanclick cookie
21.56: Quarantining All Traces: inet-traffic.com cookie
21.56: Quarantining All Traces: kinghost cookie
21.56: Quarantining All Traces: maximumcash cookie
21.56: Quarantining All Traces: maxserving cookie
21.56: Quarantining All Traces: mediaplex cookie
21.56: Quarantining All Traces: mrskin cookie
21.56: Quarantining All Traces: onestat.com cookie
21.56: Quarantining All Traces: overture cookie
21.56: Quarantining All Traces: paycounter cookie
21.56: Quarantining All Traces: pricegrabber cookie
21.56: Quarantining All Traces: qksrv cookie
21.56: Quarantining All Traces: questionmarket cookie
21.56: Quarantining All Traces: rb4.ampland cookie
21.56: Quarantining All Traces: realmedia cookie
21.56: Quarantining All Traces: rednova cookie
21.56: Quarantining All Traces: revenue.net cookie
21.56: Quarantining All Traces: seeq cookie
21.56: Quarantining All Traces: servedby advertising cookie
21.56: Quarantining All Traces: server.iad.liveperson cookie
21.56: Quarantining All Traces: serving-sys cookie
21.56: Quarantining All Traces: servlet cookie
21.56: Quarantining All Traces: sex cookie
21.56: Quarantining All Traces: sexlist cookie
21.56: Quarantining All Traces: sextracker cookie
21.56: Quarantining All Traces: statcounter cookie
21.56: Quarantining All Traces: touchclarity cookie
21.56: Quarantining All Traces: tradedoubler cookie
21.56: Quarantining All Traces: tribalfusion cookie
21.56: Quarantining All Traces: tripod cookie
21.56: Quarantining All Traces: weborama cookie
21.56: Quarantining All Traces: webtrendslive cookie
21.56: Quarantining All Traces: www.club-nikki cookie
21.56: Quarantining All Traces: www.mature-post cookie
21.56: Quarantining All Traces: xiti cookie
21.56: Quarantining All Traces: xxx69 cookie
21.56: Quarantining All Traces: xxxcounter cookie
21.56: Quarantining All Traces: yieldmanager cookie
21.56: Quarantining All Traces: zedo cookie
21.57: Removal process completed. Elapsed time 00.01.35
********
19.37: | Start of Session, mercoledì 5 aprile 2006 |
19.37: Spy Sweeper started
19.39: Your spyware definitions have been updated.
19.43: | End of Session, mercoledì 5 aprile 2006 |


... And then Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 22.06.00, on 05/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.multimediaworks.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Coca-Cola Music Shop Mediabar) - http://sib1.od2.com/...nagerPlugin.CAB
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

It seems that now my computer works well.

#5 LDTate

Posted 05 April 2006 - 03:02 PM

You now need to disable SpySweeper: it will stop our fix.

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\system32\taskdir.exe


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
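
The cross-check behind the three HijackThis lines selected in the post above, as an added example that is not part of the original posts and not the method the helper used. The sample lines are copied from the logs in this thread; the function names `trace_stems` and `review` and the matching heuristic (add-ons with no file on disk, and Run entries that share a name with a file the scanner flagged) are assumptions.

```python
import re

# Lines copied from the Spy Sweeper log posted in this thread.
SPY_SWEEPER_LOG = r"""
20.05: Found Trojan Horse: trojan-backdoor-securemulti
20.05: taskdir.dll (ID = 271080)
20.06: Warning: Failed to open file "c:\windows\system32\config\sam". Impossibile accedere al file.
20.26: voblaizdupla.exe (ID = 271694)
21.00: taskdir.dll (ID = 271080)
"""

# Lines copied from the HijackThis log posted after the Spy Sweeper cleanup.
HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "HH.MM: name.ext (ID = n)" is how the scanner log names a flagged file.
TRACE_RE = re.compile(r"^\d{1,2}\.\d{2}: (?P<stem>\S+)\.(?:exe|dll) \(ID = \d+\)$", re.I)
# O2 (Browser Helper Object) and O3 (toolbar): name - {CLSID} - file.
ADDON_RE = re.compile(
    r"^(?:O2 - BHO|O3 - Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 registry autostart: hive\..\Run: [value name] command line.
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Last space-free path component before an executable extension.
BASENAME_RE = re.compile(r'([^\\/\s",]+)\.(?:exe|dll|scr)\b', re.I)


def trace_stems(scanner_log):
    """Lower-cased base names (without extension) of files the scanner flagged."""
    stems = set()
    for line in scanner_log.splitlines():
        match = TRACE_RE.match(line.strip())
        if match:
            stems.add(match["stem"].lower())
    return stems


def review(hijackthis_log, scanner_log):
    """Return (line, reason) pairs for entries worth a second look after cleanup."""
    stems = trace_stems(scanner_log)
    findings = []
    for raw in hijackthis_log.splitlines():
        line = raw.strip()
        addon = ADDON_RE.match(line)
        if addon:
            # The registry still registers the add-on, but its file is gone.
            if addon["target"] == "(no file)":
                findings.append((line, "add-on registered with no file on disk"))
            continue
        run = RUN_RE.match(line)
        if run:
            # Compare the value name and every binary on the command line
            # with the names the scanner reported.
            names = {run["name"].lower()}
            names |= {stem.lower() for stem in BASENAME_RE.findall(run["cmd"])}
            hits = sorted(names & stems)
            if hits:
                findings.append((line, f"autostart still references scanner trace {hits[0]!r}"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(HIJACKTHIS_LOG, SPY_SWEEPER_LOG):
        print(f"{reason}\n    {entry}")
```

The scanner quarantined `taskdir.dll`, yet the `taskdir` Run value survived into the later HijackThis log, which is why a post-cleanup autostart review is worth doing even when the scan reports success.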

 


#6 pasavign


Posted 06 April 2006 - 07:05 PM

Excuse me for my BAD English...

...
...
Open it, click >Options over to the left, then >program options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
...
...


The installed version of ewido is in Italian (although I have chosen English) and, unfortunately,
it does not correspond exactly to what you have indicated.
However, I believe I have set it up correctly.


Below the report of ewido...

---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 1.50.00, 07/04/2006
+ Report-Checksum: 20A1CB0F

+ Risultati scansione:

C:\Documents and Settings\Paolo\Impostazioni locali\Temp\Cookies\paolo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Pulito con Backup
:mozilla.24:C:\Documents and Settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\muwepb31.default\cookies.txt -> TrackingCookie.2o7 : Pulito con Backup
C:\Documents and Settings\Liana\Cookies\liana@doubleclick[1].txt -> TrackingCookie.Doubleclick : Pulito con Backup
C:\WINDOWS\system32\rciapjem.ewj -> Trojan.Agent.qe : Pulito con Backup
G:\WINDOWS\system32\rciapjem.ewj -> Trojan.Agent.qe : Pulito con Backup


::Fine Rapporto


... And then Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 2.55.03, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.multimediaworks.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Programmi\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Programmi\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Coca-Cola Music Shop Mediabar) - http://sib1.od2.com/...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{18398AAC-C09D-404A-B55F-7E9E210A7148}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{18398AAC-C09D-404A-B55F-7E9E210A7148}: NameServer = 213.205.32.70 213.205.36.70
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
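
Added example, not part of the thread or either poster's work: a small Python check that parses a follow-up HijackThis log and confirms that the three entries marked for "Fix checked" and the deleted file no longer appear, and lists any remaining "(no file)" entries. The function names are this example's own; CLEAN_LOG is a short excerpt of the follow-up log above and DIRTY_LOG is a constructed failure case.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKCU\..\Run: [x] path".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return (section, body) per entry line; headers and process paths are skipped."""
    found = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            found.append((m.group("section"), m.group("body").strip()))
    return found

def review_followup(flagged, followup_log, deleted_files=()):
    """Check a follow-up log against the entries and files that were to be removed."""
    entries = parse_entries(followup_log)
    seen = {(s, b.casefold()) for s, b in entries}
    text = followup_log.casefold()
    return {
        # flagged entries that survived "Fix checked"
        "still_present": [f"{s} - {b}" for s, b in parse_entries("\n".join(flagged))
                          if (s, b.casefold()) in seen],
        # any entry whose target file is missing, flagged or not
        "orphaned": [f"{s} - {b}" for s, b in entries
                     if b.casefold().endswith("(no file)")],
        # deleted files still named anywhere, running processes included
        "files_referenced": [p for p in deleted_files if p.casefold() in text],
    }

# The three entries the helper asked to fix and the file to delete (from the thread).
FLAGGED = [
    r"O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe",
]
DELETED = [r"C:\WINDOWS\system32\taskdir.exe"]

# Excerpt of the follow-up log posted in the thread.
CLEAN_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed failure case: the same excerpt with two flagged entries left in place.
DIRTY_LOG = CLEAN_LOG + FLAGGED[0] + "\n" + FLAGGED[2] + "\n"

if __name__ == "__main__":
    for name, log in (("follow-up", CLEAN_LOG), ("constructed", DIRTY_LOG)):
        print(name, review_followup(FLAGGED, log, DELETED))
```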

#7 LDTate

Posted 06 April 2006 - 07:13 PM

Good Job :thumbup:

Log looks good :D :thumbup: How is it running? Any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these three programs I would recommend that you get them: SpywareBlaster, SpywareGuard and IE-SPYAD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein



#8 pasavign

Posted 07 April 2006 - 06:57 AM

Thank you very much for the aid!
I really appreciate it.

If you will come to Ravenna, it will be a pleasure to meet you!
:D

#9 LDTate

Posted 07 April 2006 - 03:03 PM

Thank you very much for the aid!
I really appreciate it.

If you will come to Ravenna, it will be a pleasure to meet you!
:D

If I ever get there I'll take you up on that :thumbup:


Great job :thumbup:

You're more than welcome.
Glad we were able to help.

Peace be with you :wavey:



#10 LDTate

Posted 08 April 2006 - 07:37 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
