
HELP LOG
jei-jei979
Posted: Saturday, January 10, 2009 2:22:59 AM
Rank: Member

Joined: 2/20/2006
Posts: 0
Hi everyone, lately I have had problems with Messenger. Probably because of a virus, someone has copied my connection, and every now and then my Messenger closes, telling me that someone else has signed in with my credentials. In addition, all my contacts receive a link from me, and if they open the link they catch the virus too.
I am posting the log, hoping to solve this and hoping I have been clear.
Thanks in advance, bye.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.22.04, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WINDEasyConnect\WTGService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204569080937
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{575CC455-1CA9-4E03-BFCE-060C2CABE7EE}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe

--
End of file - 8943 bytes
shapiro
Posted: Saturday, January 10, 2009 10:44:33 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Apart from these two useless entries, the log is clean.

Open HijackThis, press "Do a system scan only", then find and tick the following entries:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


Press "Fix checked".

Download Malwarebytes:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT delete any threats it detects
5) when the scan has finished, select the log tab, open the text file and post it on the forum
jei-jei979
Posted: Saturday, January 10, 2009 4:20:35 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
Hi, I did everything you suggested and now I am posting the Malwarebytes log after running the scan.
Just for information, I point out that Malwarebytes nevertheless detected 3 viruses and that during the scan my antivirus (AVG) often kept detecting threats.
Anyway, this is the log; I hope for a reply from you and a solution to the problem.
Thanks everyone, bye.


Malwarebytes' Anti-Malware 1.32
Versione del database: 1638
Windows 5.1.2600 Service Pack 3

10/01/2009 16.16.03
mbam-log-2009-01-10 (16-15-57).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 126786
Tempo trascorso: 40 minute(s), 29 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> No action taken.
shapiro
Posted: Saturday, January 10, 2009 5:08:27 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You have infections in System32.

Restart Malwarebytes and delete everything.

Then use this small program:

http://eric.71.mespages.googlepages.com/LopSD.exe

With all applications closed and disconnected:
double-click LopSD
choose language E (Enter)
1 (search), Enter

When the scan finishes, restart LopSD;
this time choose option 2 (Enter).

Attach the report C:\LopR.txt together with a new HijackThis log.
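
An added illustration, not part of the thread and not code from HijackThis or Malwarebytes: a small parser that picks out the orphaned HijackThis entries singled out above ("file missing" / "no file") and checks whether the files Malwarebytes reported appear anywhere among the processes and autostart entries of the HijackThis log. The sample lines are copied from the logs posted in this thread; the function names and the basename-matching heuristic are assumptions of this example.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe
"""

# Sample input: the "File infetti" section of the Malwarebytes log posted in this thread.
MBAM_SAMPLE = r"""
File infetti:
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> No action taken.
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")    # target no longer on disk
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MBAM_FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+)$")


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append({"code": match.group(1), "body": match.group(2)})
        elif re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries whose registered file is gone: (code, CLSID or None, reason)."""
    found = []
    for entry in entries:
        match = ORPHAN_RE.search(entry["body"])
        if match:
            clsid = CLSID_RE.search(entry["body"])
            found.append((entry["code"], clsid.group(0) if clsid else None, match.group(1)))
    return found


def parse_mbam_files(text):
    """Extract file detections (path, detection name, action) from a Malwarebytes log."""
    hits = []
    for line in text.splitlines():
        match = MBAM_FILE_RE.match(line.strip())
        if match:
            hits.append({"path": match.group(1), "name": match.group(2), "action": match.group(3)})
    return hits


def detections_missing_from_hjt(hits, processes, entries):
    """Detected files whose name appears in no process path or entry of the log.

    Heuristic: compares file names only, case-insensitively; 8.3 short names
    such as PROGRA~1 are not expanded.
    """
    haystack = "\n".join(processes + [e["body"] for e in entries]).lower()
    return [h["path"] for h in hits if ntpath.basename(h["path"]).lower() not in haystack]


if __name__ == "__main__":
    procs, ents = parse_hijackthis(HJT_SAMPLE)
    for code, clsid, reason in orphaned_entries(ents):
        print(f"orphaned {code} entry {clsid}: {reason}")
    for path in detections_missing_from_hjt(parse_mbam_files(MBAM_SAMPLE), procs, ents):
        print(f"detected by Malwarebytes, absent from the HijackThis sample: {path}")
```
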
jei-jei979
Posted: Saturday, January 10, 2009 8:35:52 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
Hi, I did everything requested and I am posting the 2 logs.
Thanks as always for everything; I look forward to hearing from you. Bye.




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : Amministratore ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:89 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 10/01/2009|20.28 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5.0.0-setup.exe
Deleted! - C:\Programmi\BitTorrent Fastest Tool\INSTALL.LOG
Deleted! - C:\DOCUME~1\AMMINI~1\Cookies\amministratore@adopt.euroclick[2].txt
Deleted! - C:\Programmi\BitTorrent Fastest Tool

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[17/12/2008|14.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/05/2008|11.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[06/04/2008|16.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[06/04/2008|16.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[30/12/2008|11.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg7
[05/02/2008|17.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[05/02/2008|17.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[03/01/2009|16.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\GiocoDigitale
[05/02/2008|18.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grisoft
[07/03/2008|14.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Hewlett-Packard
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP Product Assistant
[07/03/2008|14.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HPSSUPPLY
[10/01/2009|14.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[10/01/2009|01.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[15/12/2008|16.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft Help
[05/02/2008|17.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[21/06/2008|12.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[04/01/2009|21.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PC Suite
[04/11/2008|20.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TomTom
[07/03/2008|14.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WEBREG
[30/08/2008|13.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[03/03/2008|19.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[25|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[07/03/2008|02.02] C:\DOCUME~1\AMMINI~1\DATIAP~1\Adobe
[10/05/2008|13.43] C:\DOCUME~1\AMMINI~1\DATIAP~1\AdobeUM
[05/02/2008|17.48] C:\DOCUME~1\AMMINI~1\DATIAP~1\Ahead
[06/04/2008|16.32] C:\DOCUME~1\AMMINI~1\DATIAP~1\Apple Computer
[12/12/2008|00.05] C:\DOCUME~1\AMMINI~1\DATIAP~1\AVG7
[07/03/2008|14.50] C:\DOCUME~1\AMMINI~1\DATIAP~1\HP
[05/04/2008|20.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\HPAppData
[05/02/2008|17.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\Identities
[05/02/2008|17.39] C:\DOCUME~1\AMMINI~1\DATIAP~1\InstallShield
[03/03/2008|19.28] C:\DOCUME~1\AMMINI~1\DATIAP~1\Macromedia
[10/01/2009|14.00] C:\DOCUME~1\AMMINI~1\DATIAP~1\Malwarebytes
[02/11/2008|22.04] C:\DOCUME~1\AMMINI~1\DATIAP~1\Microsoft
[18/04/2008|18.34] C:\DOCUME~1\AMMINI~1\DATIAP~1\Nokia
[18/04/2008|18.41] C:\DOCUME~1\AMMINI~1\DATIAP~1\NSeries
[18/04/2008|18.42] C:\DOCUME~1\AMMINI~1\DATIAP~1\PC Suite
[10/09/2008|13.49] C:\DOCUME~1\AMMINI~1\DATIAP~1\Sierra Wireless
[25/12/2008|20.29] C:\DOCUME~1\AMMINI~1\DATIAP~1\uTorrent
[10/09/2008|15.19] C:\DOCUME~1\AMMINI~1\DATIAP~1\WINDEasyConnect
[0|File] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte
[20|Directory] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte disponibili

[05/02/2008|17.02] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\AVG7
[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[29/12/2008 23.36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/01/2009 20.42][--a------] C:\WINDOWS\tasks\OGADaily.job
[10/01/2009 20.23][--a------] C:\WINDOWS\tasks\OGALogon.job
[10/01/2009 20.23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[19/08/2004 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[03/01/2009|17.58] C:\Programmi\55_8_04
[05/02/2008|17.42] C:\Programmi\Adobe
[03/03/2008|19.13] C:\Programmi\Alice ti aiuta
[16/11/2008|12.59] C:\Programmi\Apple Software Update
[03/01/2009|19.28] C:\Programmi\B2BPOKER
[16/11/2008|12.51] C:\Programmi\Bonjour
[03/03/2008|19.13] C:\Programmi\Common Files
[05/02/2008|16.59] C:\Programmi\ComPlus Applications
[05/02/2008|17.45] C:\Programmi\CyberLink
[18/04/2008|18.33] C:\Programmi\DIFX
[05/02/2008|17.43] C:\Programmi\DVD Shrink
[06/01/2009|14.46] C:\Programmi\eMule
[10/01/2009|01.48] C:\Programmi\File comuni
[05/02/2008|18.00] C:\Programmi\Grisoft
[05/02/2008|17.36] C:\Programmi\Hewlett-Packard
[07/03/2008|14.46] C:\Programmi\HP
[24/12/2008|15.07] C:\Programmi\InstallShield Installation Information
[05/02/2008|17.33] C:\Programmi\Intel
[15/12/2008|16.58] C:\Programmi\Internet Explorer
[17/12/2008|14.18] C:\Programmi\iPod
[17/12/2008|14.18] C:\Programmi\iTunes
[10/01/2009|14.00] C:\Programmi\Malwarebytes' Anti-Malware
[25/11/2008|11.11] C:\Programmi\Messenger
[10/01/2009|01.53] C:\Programmi\Microsoft
[01/08/2008|19.25] C:\Programmi\Microsoft ActiveSync
[05/02/2008|17.02] C:\Programmi\microsoft frontpage
[05/02/2008|18.05] C:\Programmi\Microsoft Office
[05/02/2008|18.05] C:\Programmi\Microsoft Visual Studio
[05/02/2008|18.05] C:\Programmi\Microsoft Works
[03/03/2008|19.13] C:\Programmi\Motive
[05/02/2008|17.34] C:\Programmi\Motorola
[25/11/2008|01.50] C:\Programmi\Movie Maker
[05/02/2008|16.59] C:\Programmi\MSN Gaming Zone
[03/03/2008|20.19] C:\Programmi\MSXML 4.0
[05/02/2008|17.48] C:\Programmi\Nero
[25/11/2008|01.48] C:\Programmi\NetMeeting
[18/04/2008|18.34] C:\Programmi\Nokia
[25/11/2008|11.11] C:\Programmi\Outlook Express
[18/04/2008|18.33] C:\Programmi\PC Connectivity Solution
[12/12/2008|00.36] C:\Programmi\PowerQuest
[17/12/2008|14.17] C:\Programmi\QuickTime
[05/02/2008|17.28] C:\Programmi\Realtek
[01/08/2008|19.05] C:\Programmi\Risorse di Windows Mobile
[05/02/2008|17.01] C:\Programmi\Servizi in linea
[24/12/2008|15.06] C:\Programmi\Telecom Italia
[04/11/2008|18.35] C:\Programmi\TomTom DesktopSuite
[04/11/2008|19.00] C:\Programmi\TomTom HOME
[03/01/2009|19.36] C:\Programmi\Trend Micro
[05/02/2008|17.21] C:\Programmi\Uninstall Information
[27/11/2008|23.18] C:\Programmi\uTorrent
[10/09/2008|13.47] C:\Programmi\WINDEasyConnect
[10/01/2009|01.52] C:\Programmi\Windows Live
[09/12/2008|23.38] C:\Programmi\Windows Live Safety Center
[10/01/2009|01.52] C:\Programmi\Windows Live SkyDrive
[28/12/2008|17.20] C:\Programmi\Windows Media Connect 2
[28/12/2008|17.20] C:\Programmi\Windows Media Player
[25/11/2008|01.48] C:\Programmi\Windows NT
[05/02/2008|17.01] C:\Programmi\WindowsUpdate
[05/02/2008|17.02] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[61|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[11/05/2008|11.48] C:\Programmi\File comuni\Adobe
[05/02/2008|17.48] C:\Programmi\File comuni\Ahead
[17/12/2008|14.16] C:\Programmi\File comuni\Apple
[05/02/2008|18.05] C:\Programmi\File comuni\DESIGNER
[07/03/2008|14.43] C:\Programmi\File comuni\Hewlett-Packard
[07/03/2008|14.44] C:\Programmi\File comuni\HP
[12/12/2008|00.35] C:\Programmi\File comuni\InstallShield
[10/01/2009|01.52] C:\Programmi\File comuni\Microsoft Shared
[05/02/2008|17.00] C:\Programmi\File comuni\MSSoap
[05/02/2008|17.55] C:\Programmi\File comuni\ODBC
[18/04/2008|18.33] C:\Programmi\File comuni\PCSuite
[05/02/2008|17.00] C:\Programmi\File comuni\Services
[05/02/2008|17.55] C:\Programmi\File comuni\SpeechEngines
[25/11/2008|11.11] C:\Programmi\File comuni\System
[10/01/2009|01.48] C:\Programmi\File comuni\Windows Live
[03/03/2008|19.48] C:\Programmi\File comuni\WindowsLiveInstaller
[0|File] C:\Programmi\File comuni\byte
[18|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 55 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 20:28:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\AMMINI~1\Dati applicazioni\uTorrent\Windows XP Genuine Advantage v1.8.31.9 Crack.torrent
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\itn
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\schemes
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\tomtom
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\ttn6ifalleni.cab
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usa_basic.ver
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usx09_00000,00000.jpg
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usx09_00000,00000.sat
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usxe09_00000,08280.jpg
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usxe09_00000,08280.sat
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usxw09_12960,09120.jpg
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\raster\usxw09_12960,09120.sat
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\tomtom\data.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\tomtom\Munich.bin
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\tomtom\palm.bif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\tomtom\ppc.bif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data00.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data00.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data01.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data01.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data02.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data02.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data04.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data04.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data05.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data05.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data07.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data07.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data08.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data08.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data09.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data09.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data10.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data10.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data11.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data11.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data12.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data12.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data13.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data13.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data14.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data14.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data15.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data15.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data16.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data16.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data17.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data17.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data18.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data18.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data19.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data19.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data20.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data20.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data21.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data21.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data22.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data22.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data23.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data23.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data24.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data24.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data27.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data27.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data28.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data28.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data29.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data29.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data34.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data34.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data38.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data38.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data39.chk
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom\[PockePC - Ok su HTC] TomTom Navigator 6 + Mappa Italia Plus v6.50\CRACK\voices\data39.vif
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\insert_meta_from_Map_here
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\Meta.txt
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\RunMe.bat
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\tt7_keygen.exe
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\insert_meta_from_Map_here\Italia-7.meta
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\TomTom-Mappe-Italia-v7.10.1561\Meta keygen\insert_meta_from_Map_here\Italia-7.meta.dct
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\insert_meta_from_Map_here
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\Meta.txt
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\RunMe.bat
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\tt7_keygen.exe
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\insert_meta_from_Map_here\Western_and_Central_Europe-13.meta
C:\DOCUME~1\AMMINI~1\Desktop\Tom Tom 7\ISTALLAZIONE TOM TOM 7\MAPPE 7\Western and Central Europe tomtom 7.201803\meta keygen\insert_meta_from_Map_here\Western_and_Central_Europe-13.meta.dct
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Info.nfo
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\installer.bat
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\LegitCheckControl.dll
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\My Digital Life.url
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\WgaLogon.dll
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\WgaTray.exe
C:\DOCUME~1\AMMINI~1\Preferiti\Windows XP Activation Crack Attivare Windows senza WGA, licenza e codici - Pom-HeyWEB!.url
C:\DOCUME~1\AMMINI~1\Recent\Windows_XP_Genuine_Advantage_v1_8_31_9_Crack_torrent_-Fenopy.com.lnk


[F:3289][D:62]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp
[F:403][D:0]-> C:\DOCUME~1\AMMINI~1\Cookies
[F:15724][D:28]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|20.27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/01/2009|20.29 - Option : [2]

--------------------\\ Scan completed at 20.29.42








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.30.56, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WINDEasyConnect\WTGService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204569080937
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe

--
End of file - 8316 bytes

shapiro
Posted: Saturday, January 10, 2009 8:40:00 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
The log is clean.

Do you still have BitTorrent installed?
jei-jei979
Posted: Saturday, January 10, 2009 9:14:55 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
BitTorrent is installed, but frankly I really don't think I need it, so if that's the case tell me what I should do and, if I should remove it, how to remove it.
Thanks so much for everything, I'll wait to hear from you.
P.S. Lately, as soon as I sign in to Messenger, AVG detects continuous threats, but it has only happened once so far and I closed it right away. I don't know if this is useful, but I'm telling you anyway.
BYE BYE BYE
THANKS!!!
shapiro
Posted: Saturday, January 10, 2009 9:18:40 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Check whether BitTorrent works.
jei-jei979
Posted: Saturday, January 10, 2009 9:47:51 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
It seems to work; frankly I'm not sure, because I don't know how to use it at all. I needed it only once for one file and that was it.
Anyway, I think it works, and maybe it was even running... I couldn't say!!
If you think so, I can remove it without any problem.
Thanks, bye
shapiro
Posted: Saturday, January 10, 2009 10:01:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You don't have to remove it just because I said so... you can uninstall it if you don't need it.
If anything, remove it and do a fresh install of BitTorrent.
jei-jei979
Posted: Sunday, January 11, 2009 2:13:31 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
I understand perfectly; in fact I removed it because I never used it and don't need it.
Now that I've uninstalled it, do I need to do anything else???
shapiro
Posted: Sunday, January 11, 2009 2:21:37 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Use this tool:

http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/

Double-click the downloaded file and proceed with the installation;
When it finishes, the tool will open;
Leave System Memory, Startup Objects and Disk boot sector checked;
Check My Computer (Risorse del computer);
Click Scan;
At the end of the scan, if infections are detected, click Neutralize all; pop-ups will open asking whether to Delete or Disinfect the object;
Check Apply to all and click Delete;
Click Reports..., then Save to file, and save;
Exit the program and click Yes if you want to uninstall the tool right away.
jei-jei979
Posted: Sunday, January 11, 2009 7:01:46 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
I did everything requested and I'm taking the opportunity to add the scan LOG.
I hope everything is OK; in any case I'll wait for suggestions.
Many thanks, bye
jei-jei979
Posted: Sunday, January 11, 2009 7:02:34 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
Sorry, I had forgotten the LOG... here it is
thanks

Scan

Scanned: 217750
Detected: 5
Untreated: 0
Start time: 11/01/2009 17.32.42
Duration: 01.18.58
Finish time: 11/01/2009 18.51.40


Detected

Status Object
------ ------
deleted: virus Worm.Win32.AutoRun.saq File: C:\sq.com
deleted: Trojan program Trojan-Downloader.Win32.Obfuscated.hlp File: C:\Documents and Settings\Amministratore\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\WgaTray.exe
deleted: adware not-a-virus:AdWare.Win32.Agent.adt File: C:\Documents and Settings\Amministratore\Impostazioni locali\Temp\FlashInstaller.exe
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.c File: C:\Programmi\eMule\Incoming\una carezza zucchero.mp3
deleted: virus Worm.Win32.AutoRun.saq File: D:\sq.com


Events

Time Name Status Reason
---- ---- ------ ------
11/01/2009 17.32.48 Running module: smss.exe\smss.exe ok scanned


Statistics

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings

Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine

Status Object Size Added
------ ------ ---- -----


Backup

Status Object Size
------ ------ ----
shapiro
Posted: Sunday, January 11, 2009 7:35:27 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You still had some viruses - it should be better now.

Post me an updated log.
jei-jei979
Posted: Tuesday, January 13, 2009 2:44:00 PM
Rank: Member

Joined: 2/20/2006
Posts: 0
Hi, sorry for the delay, but I took the opportunity to redo all the scans and post all the logs so as to give an overall picture of the state of my PC.
Initially I wrote because I was seeing problems and anomalies on the computer, especially when using Messenger. In fact, one day, opening a file from a contact, I must have caught some strange virus, and since then it happens that while I'm on Messenger it disconnects by itself, telling me that someone else has signed in, so my Messenger closes and I have to log in again.
Also, all my Messenger contacts receive files from me (which is impossible, because I'm not the one sending the files) with a strange link, and just clicking on it is enough to catch the virus I got and end up in my same situation. Just yesterday one of my contacts received one of these files, told me about it and told me the link they receive, which I'm now writing here so that you can understand what kind of problem I have and how to solve it.
I hope I've been clear enough, and I'm available if anything needs clarifying.
In any case, thank you all for the help given so far; I hope to solve the problem.
The link my contacts receive is the following: http://click.awesomeofferz.com

Now I'll also post the various logs, thanks.

HijackThis LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.35.28, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204569080937
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8291 bytes


Malwarebytes LOG

Malwarebytes' Anti-Malware 1.32
Versione del database: 1638
Windows 5.1.2600 Service Pack 3

12/01/2009 23.34.37
mbam-log-2009-01-12 (23-34-37).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 123311
Tempo trascorso: 43 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


Kaspersky LOG

Scan

Scanned: 219367
Detected: 0
Untreated: 0
Start time: 12/01/2009 23.42.39
Duration: 01.38.00
Finish time: 13/01/2009 1.20.39


Detected

Status Object
------ ------


Events

Time Name Status Reason
---- ---- ------ ------
12/01/2009 23.42.46 Running module: smss.exe\smss.exe ok scanned


Statistics

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings

Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine

Status Object Size Added
------ ------ ---- -----


Backup

Status Object Size
------ ------ ----


Lop S&D LOG (procedure 1)


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : Amministratore ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:24 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:89 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/01/2009|23.36 )

--------------------\\ Listing folders in DATIAP~1

[17/12/2008|14.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/05/2008|11.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[06/04/2008|16.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[06/04/2008|16.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[30/12/2008|11.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg7
[05/02/2008|17.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[05/02/2008|17.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[03/01/2009|16.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\GiocoDigitale
[05/02/2008|18.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grisoft
[07/03/2008|14.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Hewlett-Packard
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP Product Assistant
[07/03/2008|14.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HPSSUPPLY
[10/01/2009|14.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[11/01/2009|22.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[15/12/2008|16.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft Help
[11/01/2009|16.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[05/02/2008|17.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[21/06/2008|12.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[04/01/2009|21.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PC Suite
[11/01/2009|14.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TomTom
[07/03/2008|14.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WEBREG
[30/08/2008|13.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[03/03/2008|19.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[26|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[07/03/2008|02.02] C:\DOCUME~1\AMMINI~1\DATIAP~1\Adobe
[10/05/2008|13.43] C:\DOCUME~1\AMMINI~1\DATIAP~1\AdobeUM
[05/02/2008|17.48] C:\DOCUME~1\AMMINI~1\DATIAP~1\Ahead
[06/04/2008|16.32] C:\DOCUME~1\AMMINI~1\DATIAP~1\Apple Computer
[12/12/2008|00.05] C:\DOCUME~1\AMMINI~1\DATIAP~1\AVG7
[07/03/2008|14.50] C:\DOCUME~1\AMMINI~1\DATIAP~1\HP
[05/04/2008|20.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\HPAppData
[05/02/2008|17.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\Identities
[05/02/2008|17.39] C:\DOCUME~1\AMMINI~1\DATIAP~1\InstallShield
[03/03/2008|19.28] C:\DOCUME~1\AMMINI~1\DATIAP~1\Macromedia
[10/01/2009|14.00] C:\DOCUME~1\AMMINI~1\DATIAP~1\Malwarebytes
[02/11/2008|22.04] C:\DOCUME~1\AMMINI~1\DATIAP~1\Microsoft
[11/01/2009|17.15] C:\DOCUME~1\AMMINI~1\DATIAP~1\Motive
[18/04/2008|18.34] C:\DOCUME~1\AMMINI~1\DATIAP~1\Nokia
[18/04/2008|18.41] C:\DOCUME~1\AMMINI~1\DATIAP~1\NSeries
[18/04/2008|18.42] C:\DOCUME~1\AMMINI~1\DATIAP~1\PC Suite
[10/09/2008|13.49] C:\DOCUME~1\AMMINI~1\DATIAP~1\Sierra Wireless
[0|File] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte
[19|Directory] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte disponibili

[05/02/2008|17.02] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\AVG7
[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/01/2009 23.36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/01/2009 23.34][--a------] C:\WINDOWS\tasks\OGADaily.job
[12/01/2009 14.18][--a------] C:\WINDOWS\tasks\OGALogon.job
[12/01/2009 14.18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[19/08/2004 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[03/01/2009|17.58] C:\Programmi\55_8_04
[05/02/2008|17.42] C:\Programmi\Adobe
[11/01/2009|16.56] C:\Programmi\Alice ti aiuta
[16/11/2008|12.59] C:\Programmi\Apple Software Update
[03/01/2009|19.28] C:\Programmi\B2BPOKER
[16/11/2008|12.51] C:\Programmi\Bonjour
[03/03/2008|19.13] C:\Programmi\Common Files
[05/02/2008|16.59] C:\Programmi\ComPlus Applications
[05/02/2008|17.45] C:\Programmi\CyberLink
[18/04/2008|18.33] C:\Programmi\DIFX
[05/02/2008|17.43] C:\Programmi\DVD Shrink
[06/01/2009|14.46] C:\Programmi\eMule
[11/01/2009|16.56] C:\Programmi\File comuni
[05/02/2008|18.00] C:\Programmi\Grisoft
[05/02/2008|17.36] C:\Programmi\Hewlett-Packard
[07/03/2008|14.46] C:\Programmi\HP
[11/01/2009|16.55] C:\Programmi\InstallShield Installation Information
[05/02/2008|17.33] C:\Programmi\Intel
[15/12/2008|16.58] C:\Programmi\Internet Explorer
[17/12/2008|14.18] C:\Programmi\iPod
[17/12/2008|14.18] C:\Programmi\iTunes
[10/01/2009|14.00] C:\Programmi\Malwarebytes' Anti-Malware
[25/11/2008|11.11] C:\Programmi\Messenger
[11/01/2009|22.20] C:\Programmi\Microsoft
[01/08/2008|19.25] C:\Programmi\Microsoft ActiveSync
[05/02/2008|17.02] C:\Programmi\microsoft frontpage
[05/02/2008|18.05] C:\Programmi\Microsoft Office
[05/02/2008|18.05] C:\Programmi\Microsoft Visual Studio
[05/02/2008|18.05] C:\Programmi\Microsoft Works
[11/01/2009|16.56] C:\Programmi\Motive
[05/02/2008|17.34] C:\Programmi\Motorola
[25/11/2008|01.50] C:\Programmi\Movie Maker
[05/02/2008|16.59] C:\Programmi\MSN Gaming Zone
[03/03/2008|20.19] C:\Programmi\MSXML 4.0
[05/02/2008|17.48] C:\Programmi\Nero
[25/11/2008|01.48] C:\Programmi\NetMeeting
[25/11/2008|11.11] C:\Programmi\Outlook Express
[18/04/2008|18.33] C:\Programmi\PC Connectivity Solution
[12/12/2008|00.36] C:\Programmi\PowerQuest
[17/12/2008|14.17] C:\Programmi\QuickTime
[05/02/2008|17.28] C:\Programmi\Realtek
[01/08/2008|19.05] C:\Programmi\Risorse di Windows Mobile
[05/02/2008|17.01] C:\Programmi\Servizi in linea
[11/01/2009|16.55] C:\Programmi\Telecom Italia
[04/11/2008|18.35] C:\Programmi\TomTom DesktopSuite
[11/01/2009|14.21] C:\Programmi\TomTom HOME
[03/01/2009|19.36] C:\Programmi\Trend Micro
[05/02/2008|17.21] C:\Programmi\Uninstall Information
[11/01/2009|22.20] C:\Programmi\Windows Live
[11/01/2009|22.20] C:\Programmi\Windows Live SkyDrive
[28/12/2008|17.20] C:\Programmi\Windows Media Connect 2
[28/12/2008|17.20] C:\Programmi\Windows Media Player
[25/11/2008|01.48] C:\Programmi\Windows NT
[05/02/2008|17.01] C:\Programmi\WindowsUpdate
[05/02/2008|17.02] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[57|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[11/05/2008|11.48] C:\Programmi\File comuni\Adobe
[05/02/2008|17.48] C:\Programmi\File comuni\Ahead
[17/12/2008|14.16] C:\Programmi\File comuni\Apple
[05/02/2008|18.05] C:\Programmi\File comuni\DESIGNER
[07/03/2008|14.43] C:\Programmi\File comuni\Hewlett-Packard
[07/03/2008|14.44] C:\Programmi\File comuni\HP
[12/12/2008|00.35] C:\Programmi\File comuni\InstallShield
[11/01/2009|22.20] C:\Programmi\File comuni\Microsoft Shared
[11/01/2009|16.56] C:\Programmi\File comuni\Motive
[05/02/2008|17.00] C:\Programmi\File comuni\MSSoap
[05/02/2008|17.55] C:\Programmi\File comuni\ODBC
[05/02/2008|17.00] C:\Programmi\File comuni\Services
[05/02/2008|17.55] C:\Programmi\File comuni\SpeechEngines
[25/11/2008|11.11] C:\Programmi\File comuni\System
[10/01/2009|01.48] C:\Programmi\File comuni\Windows Live
[03/03/2008|19.48] C:\Programmi\File comuni\WindowsLiveInstaller
[0|File] C:\Programmi\File comuni\byte
[18|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 58 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\AMMINI~1\Cookies\amministratore@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 23:36:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Info.nfo
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\installer.bat
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\LegitCheckControl.dll
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\My Digital Life.url
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\WgaLogon.dll
C:\DOCUME~1\AMMINI~1\Recent\Windows_XP_Genuine_Advantage_v1_8_31_9_Crack_torrent_-Fenopy.com.lnk


[F:3328][D:71]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp
[F:421][D:0]-> C:\DOCUME~1\AMMINI~1\Cookies
[F:15818][D:28]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|20.27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/01/2009|20.29 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 12/01/2009|23.38 - Option : [1]

--------------------\\ Scan completed at 23.38.16


LOG Lop & SD (procedure 2)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : Amministratore ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:24 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:89 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/01/2009|23.38 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\AMMINI~1\Cookies\amministratore@adopt.euroclick[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[17/12/2008|14.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/05/2008|11.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[06/04/2008|16.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[06/04/2008|16.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[30/12/2008|11.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg7
[05/02/2008|17.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[05/02/2008|17.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[03/01/2009|16.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\GiocoDigitale
[05/02/2008|18.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grisoft
[07/03/2008|14.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Hewlett-Packard
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP
[07/03/2008|14.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HP Product Assistant
[07/03/2008|14.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\HPSSUPPLY
[10/01/2009|14.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[11/01/2009|22.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[15/12/2008|16.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft Help
[11/01/2009|16.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[05/02/2008|17.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[21/06/2008|12.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[04/01/2009|21.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PC Suite
[11/01/2009|14.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TomTom
[07/03/2008|14.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WEBREG
[30/08/2008|13.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[03/03/2008|19.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[26|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[07/03/2008|02.02] C:\DOCUME~1\AMMINI~1\DATIAP~1\Adobe
[10/05/2008|13.43] C:\DOCUME~1\AMMINI~1\DATIAP~1\AdobeUM
[05/02/2008|17.48] C:\DOCUME~1\AMMINI~1\DATIAP~1\Ahead
[06/04/2008|16.32] C:\DOCUME~1\AMMINI~1\DATIAP~1\Apple Computer
[12/12/2008|00.05] C:\DOCUME~1\AMMINI~1\DATIAP~1\AVG7
[07/03/2008|14.50] C:\DOCUME~1\AMMINI~1\DATIAP~1\HP
[05/04/2008|20.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\HPAppData
[05/02/2008|17.21] C:\DOCUME~1\AMMINI~1\DATIAP~1\Identities
[05/02/2008|17.39] C:\DOCUME~1\AMMINI~1\DATIAP~1\InstallShield
[03/03/2008|19.28] C:\DOCUME~1\AMMINI~1\DATIAP~1\Macromedia
[10/01/2009|14.00] C:\DOCUME~1\AMMINI~1\DATIAP~1\Malwarebytes
[02/11/2008|22.04] C:\DOCUME~1\AMMINI~1\DATIAP~1\Microsoft
[11/01/2009|17.15] C:\DOCUME~1\AMMINI~1\DATIAP~1\Motive
[18/04/2008|18.34] C:\DOCUME~1\AMMINI~1\DATIAP~1\Nokia
[18/04/2008|18.41] C:\DOCUME~1\AMMINI~1\DATIAP~1\NSeries
[18/04/2008|18.42] C:\DOCUME~1\AMMINI~1\DATIAP~1\PC Suite
[10/09/2008|13.49] C:\DOCUME~1\AMMINI~1\DATIAP~1\Sierra Wireless
[0|File] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte
[19|Directory] C:\DOCUME~1\AMMINI~1\DATIAP~1\byte disponibili

[05/02/2008|17.02] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\AVG7
[05/02/2008|18.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[05/02/2008|18.00] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/01/2009 23.36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/01/2009 23.34][--a------] C:\WINDOWS\tasks\OGADaily.job
[12/01/2009 14.18][--a------] C:\WINDOWS\tasks\OGALogon.job
[12/01/2009 14.18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[19/08/2004 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[03/01/2009|17.58] C:\Programmi\55_8_04
[05/02/2008|17.42] C:\Programmi\Adobe
[11/01/2009|16.56] C:\Programmi\Alice ti aiuta
[16/11/2008|12.59] C:\Programmi\Apple Software Update
[03/01/2009|19.28] C:\Programmi\B2BPOKER
[16/11/2008|12.51] C:\Programmi\Bonjour
[03/03/2008|19.13] C:\Programmi\Common Files
[05/02/2008|16.59] C:\Programmi\ComPlus Applications
[05/02/2008|17.45] C:\Programmi\CyberLink
[18/04/2008|18.33] C:\Programmi\DIFX
[05/02/2008|17.43] C:\Programmi\DVD Shrink
[06/01/2009|14.46] C:\Programmi\eMule
[11/01/2009|16.56] C:\Programmi\File comuni
[05/02/2008|18.00] C:\Programmi\Grisoft
[05/02/2008|17.36] C:\Programmi\Hewlett-Packard
[07/03/2008|14.46] C:\Programmi\HP
[11/01/2009|16.55] C:\Programmi\InstallShield Installation Information
[05/02/2008|17.33] C:\Programmi\Intel
[15/12/2008|16.58] C:\Programmi\Internet Explorer
[17/12/2008|14.18] C:\Programmi\iPod
[17/12/2008|14.18] C:\Programmi\iTunes
[10/01/2009|14.00] C:\Programmi\Malwarebytes' Anti-Malware
[25/11/2008|11.11] C:\Programmi\Messenger
[11/01/2009|22.20] C:\Programmi\Microsoft
[01/08/2008|19.25] C:\Programmi\Microsoft ActiveSync
[05/02/2008|17.02] C:\Programmi\microsoft frontpage
[05/02/2008|18.05] C:\Programmi\Microsoft Office
[05/02/2008|18.05] C:\Programmi\Microsoft Visual Studio
[05/02/2008|18.05] C:\Programmi\Microsoft Works
[11/01/2009|16.56] C:\Programmi\Motive
[05/02/2008|17.34] C:\Programmi\Motorola
[25/11/2008|01.50] C:\Programmi\Movie Maker
[05/02/2008|16.59] C:\Programmi\MSN Gaming Zone
[03/03/2008|20.19] C:\Programmi\MSXML 4.0
[05/02/2008|17.48] C:\Programmi\Nero
[25/11/2008|01.48] C:\Programmi\NetMeeting
[25/11/2008|11.11] C:\Programmi\Outlook Express
[18/04/2008|18.33] C:\Programmi\PC Connectivity Solution
[12/12/2008|00.36] C:\Programmi\PowerQuest
[17/12/2008|14.17] C:\Programmi\QuickTime
[05/02/2008|17.28] C:\Programmi\Realtek
[01/08/2008|19.05] C:\Programmi\Risorse di Windows Mobile
[05/02/2008|17.01] C:\Programmi\Servizi in linea
[11/01/2009|16.55] C:\Programmi\Telecom Italia
[04/11/2008|18.35] C:\Programmi\TomTom DesktopSuite
[11/01/2009|14.21] C:\Programmi\TomTom HOME
[03/01/2009|19.36] C:\Programmi\Trend Micro
[05/02/2008|17.21] C:\Programmi\Uninstall Information
[11/01/2009|22.20] C:\Programmi\Windows Live
[11/01/2009|22.20] C:\Programmi\Windows Live SkyDrive
[28/12/2008|17.20] C:\Programmi\Windows Media Connect 2
[28/12/2008|17.20] C:\Programmi\Windows Media Player
[25/11/2008|01.48] C:\Programmi\Windows NT
[05/02/2008|17.01] C:\Programmi\WindowsUpdate
[05/02/2008|17.02] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[57|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[11/05/2008|11.48] C:\Programmi\File comuni\Adobe
[05/02/2008|17.48] C:\Programmi\File comuni\Ahead
[17/12/2008|14.16] C:\Programmi\File comuni\Apple
[05/02/2008|18.05] C:\Programmi\File comuni\DESIGNER
[07/03/2008|14.43] C:\Programmi\File comuni\Hewlett-Packard
[07/03/2008|14.44] C:\Programmi\File comuni\HP
[12/12/2008|00.35] C:\Programmi\File comuni\InstallShield
[11/01/2009|22.20] C:\Programmi\File comuni\Microsoft Shared
[11/01/2009|16.56] C:\Programmi\File comuni\Motive
[05/02/2008|17.00] C:\Programmi\File comuni\MSSoap
[05/02/2008|17.55] C:\Programmi\File comuni\ODBC
[05/02/2008|17.00] C:\Programmi\File comuni\Services
[05/02/2008|17.55] C:\Programmi\File comuni\SpeechEngines
[25/11/2008|11.11] C:\Programmi\File comuni\System
[10/01/2009|01.48] C:\Programmi\File comuni\Windows Live
[03/03/2008|19.48] C:\Programmi\File comuni\WindowsLiveInstaller
[0|File] C:\Programmi\File comuni\byte
[18|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 23:39:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Info.nfo
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\installer.bat
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\LegitCheckControl.dll
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\My Digital Life.url
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\AMMINI~1\Documenti\Downloads\Windows XP Genuine Advantage v1.8.31.9 Crack\WgaLogon.dll
C:\DOCUME~1\AMMINI~1\Recent\Windows_XP_Genuine_Advantage_v1_8_31_9_Crack_torrent_-Fenopy.com.lnk


[F:3328][D:71]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp
[F:420][D:0]-> C:\DOCUME~1\AMMINI~1\Cookies
[F:15818][D:28]-> C:\DOCUME~1\AMMINI~1\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/01/2009|20.27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/01/2009|20.29 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 12/01/2009|23.38 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 12/01/2009|23.40 - Option : [2]

--------------------\\ Scan completed at 23.40.31


That is everything. I eagerly await news; thanks in advance to everyone, bye!!!


shapiro
Posted: Tuesday, January 13, 2009 4:05:49 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Have you recently received emails from contacts who are not in your list?

You have Windows Live. Bear in mind that it has been causing a lot of problems lately, especially the 2009 version.

Download http://sosvirus.changelog.fr/MSNFix.zip

Install MSNFIX:

unzip the Zip file, which you previously placed on the Desktop (a folder will be created)
launch the MSNFix batch file
type I to set the language, and press Enter
type R to search for the malware
type N to delete what it finds
type A to create the log to post
type R to clean the registry and exit
type Q to close MSNFix
The log that is created will confirm whether or not the removal succeeded.
MSNFix will also create a Zip file (you will find it, together with the log, inside the folder placed on the Desktop) containing the infected files that were removed: move it to the Recycle Bin, and empty the Recycle Bin.
Once the scan with MSNFIX has finished, restart the system.

jei-jei979
Posted: Wednesday, January 14, 2009 12:08:23 AM
Rank: Member

Joined: 2/20/2006
Posts: 0
Hi, I did everything you wrote. At first I found an infection, which I then removed, and afterwards a new scan told me everything was OK. Unfortunately I could not find the LOG, so I deleted the folder as you had told me, without being able to post any LOG.
In any case, if other LOGs or anything else are needed, I'll be waiting, also to understand whether the problem is actually solved or not.
Thanks for everything, I await news, bye

simone85
Posted: Wednesday, January 14, 2009 12:52:36 AM

Rank: AiutAmico

Joined: 4/6/2008
Posts: 866
Have you by any chance downloaded little programs/applications for MSN? Unfortunately, viruses on MSN are now routine. My advice is the following: uninstall Messenger as soon as possible, preferably with the program REVO UNINSTALLER, so that besides the program it removes all the related files and registry keys, although I recommend you delete the MSN registry keys manually yourself; then sweep away the useless files with CCLEANER. At that point reinstall MSN (I advise against the latest version) and change your account password; also in the account options, change the answer to the secret question as well. Then see how it goes, and if you haven't done so yet, install a FIREWALL!!