Avenger log:
Nothing, it won't let me copy it. I tried saving it as a "text document", but when I click save it asks whether I should replace avenger.txt; I click yes and then it tells me "access to C:/Avenger.txt denied"
Anyway, I have the LOP log:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 2160 @ 1.80GHz )
BIOS : Default System BIOS
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
C:\ (Local Disk) - NTFS - Total:227 Go (Free:105 Go)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 14/02/2009|13.06 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Deleted! - C:\ProgramData\Drv Ooze Ooze.wpqozz
Deleted! - C:\ProgramData\Drv Ooze Ooze.jkkh3ez
Deleted! - C:\ProgramData\That Face Camp Shim
Deleted! - C:\Program Files\Circle Developement
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing folders in Local
[11/01/2009|02.26] C:\Users\Marco\AppData\Local\Adobe
[17/01/2008|20.13] C:\Users\Marco\AppData\Local\Ahead
[26/02/2008|18.48] C:\Users\Marco\AppData\Local\ATI
[10/01/2008|09.55] C:\Users\Marco\AppData\Local\Cronologia
[11/01/2009|19.48] C:\Users\Marco\AppData\Local\d3d9caps.dat
[10/01/2008|09.55] C:\Users\Marco\AppData\Local\Dati applicazioni
[30/01/2009|20.24] C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/07/2008|09.20] C:\Users\Marco\AppData\Local\Downloaded Installations
[11/01/2009|20.06] C:\Users\Marco\AppData\Local\GDIPFONTCACHEV1.DAT
[16/08/2008|09.20] C:\Users\Marco\AppData\Local\Google
[14/02/2009|12.40] C:\Users\Marco\AppData\Local\IconCache.db
[06/06/2008|19.54] C:\Users\Marco\AppData\Local\Microsoft
[16/06/2008|19.54] C:\Users\Marco\AppData\Local\Microsoft Games
[29/02/2008|16.39] C:\Users\Marco\AppData\Local\Microsoft Help
[18/10/2008|23.49] C:\Users\Marco\AppData\Local\PokerStars.IT
[10/01/2008|10.08] C:\Users\Marco\AppData\Local\Seven Zip
[14/02/2009|13.06] C:\Users\Marco\AppData\Local\Temp
[10/01/2008|09.55] C:\Users\Marco\AppData\Local\Temporary Internet Files
[22/04/2008|16.57] C:\Users\Marco\AppData\Local\VirtualStore
[05/04/2008|23.56] C:\Users\Marco\AppData\Local\Windows Live Writer
[4|File] C:\Users\Marco\AppData\Local\byte
[18|Directory] C:\Users\Marco\AppData\Local\byte disponibili
--------------------\\ Scheduled Tasks located in C:\Windows\Tasks
[14/02/2009 13.00][--a------] C:\Windows\tasks\lurrwbjp.job
[10/01/2009 14.39][--a------] C:\Windows\tasks\At9.job
[10/01/2009 01.43][--a------] C:\Windows\tasks\kafhypbq.job
[10/02/2009 14.01][--a------] C:\Windows\tasks\At8.job
[10/02/2009 20.00][--a------] C:\Windows\tasks\At7.job
[10/01/2009 14.39][--a------] C:\Windows\tasks\At6.job
[10/01/2009 14.39][--a------] C:\Windows\tasks\At5.job
[09/02/2009 20.00][--a------] C:\Windows\tasks\At4.job
[10/01/2009 14.39][--a------] C:\Windows\tasks\At3.job
[09/02/2009 20.00][--a------] C:\Windows\tasks\At2.job
[10/01/2009 14.39][--a------] C:\Windows\tasks\At1.job
[02/08/2008 20.46][--ahs----] C:\Windows\tasks\FOLDER.TSX
[13/02/2009 22.45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D7B70733-77C3-4D66-8CEB-0CB058008DFB}.job
[14/02/2009 12.42][--ah-----] C:\Windows\tasks\SA.DAT
[14/02/2009 12.41][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing Folders in C:\ProgramData
[11/01/2009|02.24] C:\ProgramData\Adobe
[10/01/2008|10.17] C:\ProgramData\Ahead
[02/11/2006|14.02] C:\ProgramData\Application Data
[11/01/2008|13.30] C:\ProgramData\avg7
[10/08/2008|18.37] C:\ProgramData\CanonBJ
[01/01/2009|20.52] C:\ProgramData\DAEMON Tools Lite
[10/01/2008|09.50] C:\ProgramData\Dati applicazioni
[04/04/2008|13.37] C:\ProgramData\dentstylesettings
[02/11/2006|14.02] C:\ProgramData\Desktop
[10/01/2008|09.50] C:\ProgramData\Documenti
[02/11/2006|14.02] C:\ProgramData\Documents
[02/11/2006|14.02] C:\ProgramData\Favorites
[28/11/2008|22.28] C:\ProgramData\FLEXnet
[11/01/2009|01.41] C:\ProgramData\Google
[10/01/2008|09.59] C:\ProgramData\Grisoft
[11/02/2009|21.14] C:\ProgramData\Installations
[11/01/2009|16.09] C:\ProgramData\Malwarebytes
[10/01/2008|09.50] C:\ProgramData\Menu Avvio
[13/01/2008|21.53] C:\ProgramData\Messenger Plus!
[11/02/2009|21.22] C:\ProgramData\Microsoft
[12/02/2009|01.53] C:\ProgramData\Microsoft Help
[10/01/2008|09.50] C:\ProgramData\Modelli
[10/01/2008|10.15] C:\ProgramData\Nero
[18/03/2008|23.23] C:\ProgramData\Nokia
[29/06/2008|23.52] C:\ProgramData\Office Genuine Advantage
[10/01/2008|19.52] C:\ProgramData\PC Suite
[10/01/2008|09.50] C:\ProgramData\Preferiti
[01/01/2009|21.25] C:\ProgramData\Sports Interactive
[09/02/2009|21.50] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14.02] C:\ProgramData\Start Menu
[02/11/2006|14.02] C:\ProgramData\Templates
[25/08/2008|09.52] C:\ProgramData\WindowsSearch
[05/04/2008|23.53] C:\ProgramData\WLInstaller
[0|File] C:\ProgramData\byte
[35|Directory] C:\ProgramData\byte disponibili
--------------------\\ Listing Folders in C:\Program Files
[11/01/2009|02.23] C:\Program Files\Adobe
[31/10/2007|19.26] C:\Program Files\ATI
[31/10/2007|19.27] C:\Program Files\ATI Technologies
[11/01/2009|01.57] C:\Program Files\Auslogics
[11/11/2008|20.00] C:\Program Files\CCleaner
[03/06/2008|22.17] C:\Program Files\Collage Maker
[11/02/2009|20.31] C:\Program Files\Common Files
[01/01/2009|20.52] C:\Program Files\DAEMON Tools Lite
[12/02/2009|01.46] C:\Program Files\DAEMON Tools Toolbar
[10/01/2008|19.23] C:\Program Files\DIFX
[02/11/2008|21.47] C:\Program Files\directx
[17/05/2008|10.44] C:\Program Files\DivX
[07/02/2009|22.13] C:\Program Files\eMule
[10/02/2009|23.10] C:\Program Files\Everest Poker.net
[10/01/2008|09.50] C:\Program Files\File comuni [C:\Program Files\Common Files]
[09/02/2009|21.52] C:\Program Files\FindyKill
[10/01/2008|10.53] C:\Program Files\FreePOPs
[22/03/2008|12.26] C:\Program Files\FX Uninstall Information
[11/01/2009|03.55] C:\Program Files\Google
[10/01/2008|09.59] C:\Program Files\Grisoft
[06/07/2008|08.54] C:\Program Files\iFoxSoft
[02/01/2009|04.59] C:\Program Files\InstallShield Installation Information
[08/08/2008|12.44] C:\Program Files\Internet Explorer
[21/01/2009|13.39] C:\Program Files\Java
[11/01/2009|16.09] C:\Program Files\Malwarebytes' Anti-Malware
[02/01/2009|04.59] C:\Program Files\Max Payne
[12/02/2009|13.48] C:\Program Files\Messenger Plus! Live
[02/11/2006|13.37] C:\Program Files\Microsoft Games
[10/01/2008|10.29] C:\Program Files\Microsoft Office
[10/01/2008|10.38] C:\Program Files\Microsoft Small Business
[31/10/2007|19.41] C:\Program Files\Microsoft SQL Server
[10/01/2008|10.29] C:\Program Files\Microsoft Visual Studio
[10/01/2008|10.30] C:\Program Files\Microsoft Works
[10/01/2008|10.40] C:\Program Files\Microsoft.NET
[08/08/2008|12.44] C:\Program Files\Movie Maker
[02/11/2006|13.37] C:\Program Files\MSBuild
[31/10/2007|19.12] C:\Program Files\MSXML 4.0
[10/01/2008|10.15] C:\Program Files\Nero
[11/02/2009|21.12] C:\Program Files\Nokia
[11/02/2009|20.30] C:\Program Files\PC Connectivity Solution
[27/10/2008|19.10] C:\Program Files\PokerStars.IT
[02/11/2006|13.37] C:\Program Files\Reference Assemblies
[22/12/2008|17.15] C:\Program Files\Rockstar Games
[27/10/2008|19.10] C:\Program Files\SopCast
[14/02/2009|12.48] C:\Program Files\Sports Interactive
[31/12/2008|16.17] C:\Program Files\Spybot - Search & Destroy
[11/01/2009|02.13] C:\Program Files\Tracker Software
[08/08/2008|11.40] C:\Program Files\Trend Micro
[02/11/2006|14.01] C:\Program Files\Uninstall Information
[03/11/2008|01.46] C:\Program Files\uTorrent
[31/10/2007|19.16] C:\Program Files\VIA
[03/11/2008|21.13] C:\Program Files\WinAce
[08/08/2008|12.44] C:\Program Files\Windows Calendar
[08/08/2008|12.44] C:\Program Files\Windows Collaboration
[08/08/2008|12.44] C:\Program Files\Windows Defender
[08/08/2008|12.44] C:\Program Files\Windows Journal
[11/07/2008|13.13] C:\Program Files\Windows Live
[06/06/2008|19.56] C:\Program Files\Windows Live Safety Center
[12/02/2009|01.52] C:\Program Files\Windows Mail
[08/08/2008|12.44] C:\Program Files\Windows Media Player
[10/01/2008|09.50] C:\Program Files\Windows NT
[08/08/2008|12.44] C:\Program Files\Windows Photo Gallery
[08/08/2008|12.44] C:\Program Files\Windows Sidebar
[02/01/2009|02.36] C:\Program Files\WinRAR
[03/11/2008|20.34] C:\Program Files\WinZip
[25/03/2008|19.41] C:\Program Files\Zero G Registry
[0|File] C:\Program Files\byte
[68|Directory] C:\Program Files\byte disponibili
--------------------\\ Listing Folders in C:\Program Files\Common Files
[11/07/2008|13.11] C:\Program Files\Common Files\ACD Systems
[11/01/2009|02.23] C:\Program Files\Common Files\Adobe
[10/01/2008|10.16] C:\Program Files\Common Files\Ahead
[10/01/2008|10.29] C:\Program Files\Common Files\DESIGNER
[28/11/2008|22.28] C:\Program Files\Common Files\InstallShield
[15/04/2008|22.19] C:\Program Files\Common Files\Java
[18/03/2008|23.22] C:\Program Files\Common Files\microsoft shared
[11/02/2009|21.11] C:\Program Files\Common Files\Nokia
[11/02/2009|20.31] C:\Program Files\Common Files\PCSuite
[10/01/2008|10.23] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12.18] C:\Program Files\Common Files\Services
[02/11/2006|12.18] C:\Program Files\Common Files\SpeechEngines
[08/08/2008|12.44] C:\Program Files\Common Files\System
[10/01/2008|11.40] C:\Program Files\Common Files\WindowsLiveInstaller
[0|File] C:\Program Files\Common Files\byte
[16|Directory] C:\Program Files\Common Files\byte disponibili
--------------------\\ Process
( 62 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 13:06:59
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1884
--------------------\\ Searching for other infections
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
--------------------\\ Cracks & Keygens ..
C:\Users\Marco\AppData\Roaming\uTorrent\FM2009.9-2-0.Update.and.Crack.Permaximum.rar.torrent
C:\Users\Marco\AppData\Roaming\uTorrent\Football.Manager.2009.crack.and.licence.torrent
C:\Users\Marco\AppData\Roaming\uTorrent\NFs most wanted +crack +cd-key +trainer.iso.torrent
C:\Users\Marco\AppData\Roaming\uTorrent\[Pc game] Football Manager 2009 [FM2009 + crack + ita,eng,fr,de].iso.torrent
C:\Users\Marco\Documents\Desktop\Incoming\Football_Manager_2009___Patch_9.1.0___Crack.4509289.TPB.torrent
C:\Users\Marco\Documents\Desktop\Incoming\Max Payne Patch v1.05 Crack.rar
C:\Users\Marco\Documents\Desktop\MaRcO\FM2009.9-2-0.Update.and.Crack.Permaximum.rar
C:\Users\Marco\Documents\Desktop\MaRcO\Football.Manager.2009.crack.and.licence
C:\Users\Marco\Documents\Desktop\MaRcO\FM\Crack
C:\Users\Marco\Documents\Desktop\MaRcO\FM\Crack\fm234.rar
C:\Users\Marco\Documents\Desktop\MaRcO\Football.Manager.2009.crack.and.licence\Football.Manager.2009.crack.and.licence.rar
[F:1372][D:26]-> C:\Users\Marco\AppData\Local\Temp
[F:82][D:1]-> C:\Users\Marco\AppData\Roaming\MICROS~1\Windows\Cookies
[F:134][D:4]-> C:\Users\Marco\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:96][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 14/02/2009|13.04 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 14/02/2009|13.12 - Option : [2]
--------------------\\ Scan completed at 13.12.16
[ UAC => 1 ]
and this is the hijack log instead
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.18.35, on 09/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4764 bytes