il file txt di lop s&d:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : dario ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:25 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:169 Go (Free:135 Go)
E:\ (Local Disk) - NTFS - Total:152 Go (Free:5 Go)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB) - FAT32 - Total:3904 Mo (Free:1 Go)
K:\ (USB)
L:\ (USB)
M:\ (CD or DVD) - UDF - Total:2 Go (Free:0 Go)
X:\ (USB) - FAT32 - Total:938 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 06/12/2008|22.09 )
--------------------\\ Listing folders in DATIAP~1
[30/07/2008|18.01] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Acronis
[29/07/2008|19.36] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[15/11/2008|00.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\ATI
[01/09/2008|21.22] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[06/12/2008|19.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google Updater
[18/08/2008|22.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MailFrontier
[07/09/2008|22.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[30/08/2008|12.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[29/07/2008|19.36] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Real
[23/11/2008|19.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[12|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili
[22/08/2008|22.05] C:\DOCUME~1\dario\DATIAP~1\Adobe
[23/08/2008|14.33] C:\DOCUME~1\dario\DATIAP~1\AdobeUM
[15/11/2008|00.17] C:\DOCUME~1\dario\DATIAP~1\ATI
[01/12/2008|20.53] C:\DOCUME~1\dario\DATIAP~1\dvdcss
[29/07/2008|21.55] C:\DOCUME~1\dario\DATIAP~1\eMule
[06/09/2008|16.14] C:\DOCUME~1\dario\DATIAP~1\GlarySoft
[14/09/2008|15.19] C:\DOCUME~1\dario\DATIAP~1\Google
[24/09/2008|17.18] C:\DOCUME~1\dario\DATIAP~1\Help
[29/07/2008|19.44] C:\DOCUME~1\dario\DATIAP~1\Identities
[26/11/2008|22.52] C:\DOCUME~1\dario\DATIAP~1\IObit
[30/11/2008|11.09] C:\DOCUME~1\dario\DATIAP~1\IrfanView
[07/09/2008|22.06] C:\DOCUME~1\dario\DATIAP~1\Lavasoft
[02/12/2008|13.25] C:\DOCUME~1\dario\DATIAP~1\Macromedia
[18/08/2008|22.03] C:\DOCUME~1\dario\DATIAP~1\MailFrontier
[15/11/2008|00.09] C:\DOCUME~1\dario\DATIAP~1\Microsoft
[02/10/2008|20.33] C:\DOCUME~1\dario\DATIAP~1\Mozilla
[30/08/2008|13.01] C:\DOCUME~1\dario\DATIAP~1\Nero
[15/11/2008|12.34] C:\DOCUME~1\dario\DATIAP~1\Opera
[29/07/2008|19.36] C:\DOCUME~1\dario\DATIAP~1\Real
[19/09/2008|19.33] C:\DOCUME~1\dario\DATIAP~1\SecuROM
[03/12/2008|21.39] C:\DOCUME~1\dario\DATIAP~1\Sun
[03/09/2008|21.38] C:\DOCUME~1\dario\DATIAP~1\Uniblue
[02/12/2008|22.23] C:\DOCUME~1\dario\DATIAP~1\uTorrent
[28/09/2008|20.32] C:\DOCUME~1\dario\DATIAP~1\vlc
[0|File] C:\DOCUME~1\dario\DATIAP~1\byte
[26|Directory] C:\DOCUME~1\dario\DATIAP~1\byte disponibili
[29/07/2008|19.32] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili
[30/07/2008|15.09] C:\DOCUME~1\erica\DATIAP~1\Adobe
[06/09/2008|10.58] C:\DOCUME~1\erica\DATIAP~1\Google
[30/07/2008|14.58] C:\DOCUME~1\erica\DATIAP~1\Identities
[01/10/2008|12.42] C:\DOCUME~1\erica\DATIAP~1\Microsoft
[30/07/2008|15.09] C:\DOCUME~1\erica\DATIAP~1\vlc
[0|File] C:\DOCUME~1\erica\DATIAP~1\byte
[7|Directory] C:\DOCUME~1\erica\DATIAP~1\byte disponibili
[29/07/2008|19.32] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili
[29/07/2008|19.32] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili
[28/11/2008|15.52] C:\DOCUME~1\nicola\DATIAP~1\ATI
[06/09/2008|10.58] C:\DOCUME~1\nicola\DATIAP~1\Google
[20/08/2008|17.20] C:\DOCUME~1\nicola\DATIAP~1\Identities
[20/08/2008|17.20] C:\DOCUME~1\nicola\DATIAP~1\MailFrontier
[01/09/2008|15.33] C:\DOCUME~1\nicola\DATIAP~1\Microsoft
[20/08/2008|21.57] C:\DOCUME~1\nicola\DATIAP~1\vlc
[0|File] C:\DOCUME~1\nicola\DATIAP~1\byte
[8|Directory] C:\DOCUME~1\nicola\DATIAP~1\byte disponibili
--------------------\\ Scheduled Tasks located in C:\windows\Tasks
[06/12/2008 18.22][--a------] C:\windows\tasks\GlaryInitialize.job
[06/12/2008 18.22][--ah-----] C:\windows\tasks\SA.DAT
[31/08/2001 15.00][-r-h-----] C:\windows\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Programmi
[30/07/2008|17.09] C:\Programmi\Acronis
[29/07/2008|19.36] C:\Programmi\Adobe
[30/08/2008|12.50] C:\Programmi\Ahead
[21/11/2008|18.34] C:\Programmi\Alcohol Soft
[06/12/2008|11.31] C:\Programmi\AskBarDis
[15/11/2008|00.14] C:\Programmi\ATI Technologies
[19/11/2008|07.20] C:\Programmi\BitComet
[02/10/2008|20.37] C:\Programmi\CCleaner
[29/07/2008|19.30] C:\Programmi\ComPlus Applications
[02/10/2008|20.42] C:\Programmi\Defraggler
[06/12/2008|18.24] C:\Programmi\eMule Applejuice
[06/12/2008|18.20] C:\Programmi\Eset
[15/11/2008|00.09] C:\Programmi\File comuni
[17/09/2008|20.49] C:\Programmi\Foxit Software
[02/12/2008|12.33] C:\Programmi\Glary Utilities
[14/09/2008|15.19] C:\Programmi\Google
[15/11/2008|00.09] C:\Programmi\InstallShield Installation Information
[29/07/2008|19.31] C:\Programmi\Internet Explorer
[26/11/2008|22.52] C:\Programmi\IObit
[29/07/2008|21.39] C:\Programmi\IPM
[04/10/2008|11.28] C:\Programmi\IrfanView
[03/12/2008|21.39] C:\Programmi\Java
[29/07/2008|19.36] C:\Programmi\K-Lite Mega Codec Pack
[07/09/2008|22.04] C:\Programmi\Lavasoft
[29/07/2008|19.41] C:\Programmi\Microsoft Office
[29/07/2008|19.41] C:\Programmi\Microsoft.NET
[02/12/2008|22.38] C:\Programmi\Mozilla Firefox
[29/07/2008|19.29] C:\Programmi\MSN Gaming Zone
[30/08/2008|12.59] C:\Programmi\Nero
[18/08/2008|22.18] C:\Programmi\Ontrack
[15/11/2008|00.14] C:\Programmi\Opera
[29/07/2008|19.30] C:\Programmi\Outlook Express
[29/07/2008|21.59] C:\Programmi\PowerQuest
[28/09/2008|08.48] C:\Programmi\Quintessential Player
[29/07/2008|19.55] C:\Programmi\Realtek
[03/12/2008|21.19] C:\Programmi\rnamfler
[29/07/2008|19.31] C:\Programmi\Servizi in linea
[19/09/2008|17.50] C:\Programmi\SiS VGA Utilities V3.85
[19/09/2008|17.50] C:\Programmi\sisagp
[03/09/2008|21.21] C:\Programmi\SIW
[23/11/2008|18.58] C:\Programmi\Spybot - Search & Destroy
[06/12/2008|18.23] C:\Programmi\Teen Spirit
[06/12/2008|16.49] C:\Programmi\Trend Micro
[06/09/2008|16.03] C:\Programmi\UltraISO
[03/09/2008|21.38] C:\Programmi\Uniblue
[29/07/2008|19.44] C:\Programmi\Uninstall Information
[02/12/2008|21.56] C:\Programmi\uTorrent
[28/09/2008|20.25] C:\Programmi\VideoLAN
[29/07/2008|21.44] C:\Programmi\Windows Media Player
[29/07/2008|19.29] C:\Programmi\Windows NT
[29/07/2008|19.37] C:\Programmi\WinRAR
[18/08/2008|23.57] C:\Programmi\Zone Labs
[0|File] C:\Programmi\byte
[54|Directory] C:\Programmi\byte disponibili
--------------------\\ Listing Folders in C:\Programmi\File comuni
[30/07/2008|17.07] C:\Programmi\File comuni\Acronis
[15/11/2008|00.14] C:\Programmi\File comuni\ATI Technologies
[29/07/2008|19.41] C:\Programmi\File comuni\DESIGNER
[06/09/2008|16.03] C:\Programmi\File comuni\EZB Systems
[18/08/2008|22.17] C:\Programmi\File comuni\InstallShield
[30/07/2008|17.00] C:\Programmi\File comuni\Microsoft Shared
[29/07/2008|19.30] C:\Programmi\File comuni\MSSoap
[30/08/2008|13.00] C:\Programmi\File comuni\Nero
[29/07/2008|21.23] C:\Programmi\File comuni\ODBC
[29/07/2008|19.30] C:\Programmi\File comuni\Services
[29/07/2008|21.22] C:\Programmi\File comuni\SpeechEngines
[29/07/2008|19.30] C:\Programmi\File comuni\System
[0|File] C:\Programmi\File comuni\byte
[14|Directory] C:\Programmi\File comuni\byte disponibili
--------------------\\ Process
( 40 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net Rootkit scan 2008-12-06 22:16:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\dario\Dati applicazioni\Microsoft\Office\File recenti\PC GAME Fifa 2008 Multilang ITA-FR-DEU-EN-POR crack & seial by Kickbox.LNK
C:\DOCUME~1\dario\Dati applicazioni\Microsoft\Office\File recenti\[ Grand Theft Auto 4] soluzione completa in italiano gta 4 CHEAT TRUCCHI iv codes triche crack solution pc ps3 gta4 xbox x360 ita xbox360.rtf.LNK
[F:15][D:3]-> C:\DOCUME~1\dario\IMPOST~1\Temp
[F:3][D:0]-> C:\DOCUME~1\dario\Cookies
[F:1933][D:4]-> C:\DOCUME~1\dario\IMPOST~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 06/12/2008|22.18 - Option : [1]
--------------------\\ Scan completed at 22.18.03
il log di hijackthis eseguito dopo la scansione con lop s&d:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.22.46, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\windows\Explorer.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\rnamfler\naofsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\rnamfler\naomf.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
c:\programmi\rnamfler\radprcmp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\System32\alg.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Teen Spirit\TeenSpirit.exe
C:\Programmi\eMule Applejuice\emule.exe
C:\windows\system32\svchost.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\NOTEPAD.EXE
C:\Programmi\Opera\opera.exe
C:\windows\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F5EBF1-5B8D-4D5D-808E-844E55C55DF0}: NameServer = 85.37.17.44 85.38.28.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{C340F96A-8DB0-4E9D-8B66-BD1B10DB569D}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6787 bytes
grazie mille