Aiutamici Forum

REALLY URGENT can you check my hijack LOG...THANKS A LOT
lucacul
Posted: Thursday, February 05, 2009 7:27:52 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.23.52, on 05/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\pc\Desktop\HiJackThis_v2.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.190.it (HKLM)
O15 - Trusted Zone: *.csi.it (HKLM)
O15 - Trusted Zone: *.estranet.it (HKLM)
O15 - Trusted Zone: *.ibm.com (HKLM)
O15 - Trusted Zone: *.lastampa.it (HKLM)
O15 - Trusted Zone: *.libero.it (HKLM)
O15 - Trusted Zone: *.macromedia.com (HKLM)
O15 - Trusted Zone: *.msni.it (HKLM)
O15 - Trusted Zone: *.regione.piemonte.it (HKLM)
O15 - Trusted Zone: *.rai.it (HKLM)
O15 - Trusted Zone: *.repubblica.it (HKLM)
O15 - Trusted Zone: *.sun.com (HKLM)
O15 - Trusted Zone: *.tin.it (HKLM)
O15 - Trusted Zone: *.comune.torino.it (HKLM)
O15 - Trusted Zone: *.provincia.torino.it (HKLM)
O15 - Trusted Zone: *.virgilio.it (HKLM)
O15 - Trusted Zone: *.www.ansa.* (HKLM)
O15 - Trusted Zone: *.www.google.* (HKLM)
O15 - Trusted Zone: *.www.tiscali.* (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202388787078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D5ECA5A-10A1-4ECE-8C67-1A33E3CEAB2F}: NameServer = 62.149.128.4,193.79.192.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10647 bytes
shapiro
Posted: Thursday, February 05, 2009 8:09:06 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download the script to repair the Trusted Zone

http://www.mvps.org/winhelp2002/DelDomains.inf ◄ (right-click the link and save it to the desktop)


1/ Disable System Restore
(Go to Start ---> right-click the My Computer icon ---> Properties. In the "System Restore" section, tick "Turn off System Restore")
2/ Make sure you have access to hidden files and folders
(Control Panel ---> Folder Options ---> View ---> tick "Show hidden files and folders" ---> turn off "Hide system files and folders")
3/ Start the computer in Safe Mode
Restart the computer in Safe Mode: at startup, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^)

Once it has restarted, run the script to repair the Trusted Zone ---> right-click the file and select Install
Then fix all the O15 entries with HijackThis

As soon as you have finished, download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
With all applications closed and the connection down
double-click LopSD
choose language E (Enter)
1 (search) Enter

When the scan finishes, restart LopSD
this time choose option 2 (Enter)

Attach the report C:\LopR.txt together with a new HijackThis log


Did you install the Ask Toolbar yourself?
simo95
Posted: Friday, February 06, 2009 2:18:35 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
shapiro wrote:
Did you install the Ask Toolbar yourself?


The Ask toolbar installs ITSELF when you update NERO (to version 7, I think...).

They say it is useful, but in reality it is spyware that can also cause the browser to be redirected to ask.com
lucacul
Posted: Friday, February 06, 2009 3:09:08 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
No, I didn't add it... what do I do???
lucacul
Posted: Friday, February 06, 2009 3:09:42 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
I'm attaching another hijack log....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.06.35, on 06/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\pc\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202388787078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D5ECA5A-10A1-4ECE-8C67-1A33E3CEAB2F}: NameServer = 62.149.128.4,193.79.192.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9826 bytes
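
Added example (not part of the original thread, and not code from HijackThis or Lop S&D): a small Python check that compares a HijackThis log saved before a fix with one saved after it, here to confirm that the O15 Trusted Zone entries requested for fixing are gone and to list entries that HijackThis marks as pointing at a missing file in both scans. The function names are hypothetical, and the two sample logs are constructed from a few lines excerpted from the logs in this thread.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "O15 - Trusted Zone: *.rai.it (HKLM)":
# a section code (R, F, N or O plus a number), " - ", then the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis itself appends when the referenced file does not exist.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed samples: a few lines excerpted from the first and second log.
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O15 - Trusted Zone: *.libero.it (HKLM)
O15 - Trusted Zone: *.rai.it (HKLM)
O15 - Trusted Zone: *.virgilio.it (HKLM)
O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)
"""
AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)
"""


def parse_hjt(text):
    """Map each section code to the set of entry texts found in a log."""
    sections = defaultdict(set)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections[m.group(1)].add(m.group(2))
    return dict(sections)


def _order(code):
    """Sort key so that O2 comes before O15 (numeric, not lexical)."""
    return (code[0], int(code[1:]))


def diff_logs(before, after):
    """Return (removed, added): per-section sorted lists of changed entries."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed, added = {}, {}
    for code in sorted(set(b) | set(a), key=_order):
        gone = b.get(code, set()) - a.get(code, set())
        new = a.get(code, set()) - b.get(code, set())
        if gone:
            removed[code] = sorted(gone)
        if new:
            added[code] = sorted(new)
    return removed, added


def check_fix(before, after, code):
    """Summarise whether every entry of one section was cleared by the fix."""
    removed, added = diff_logs(before, after)
    return {
        "cleared": removed.get(code, []),
        "remaining": sorted(parse_hjt(after).get(code, set())),
        # Changes outside the targeted section deserve a second look.
        "other_removed": {c: v for c, v in removed.items() if c != code},
        "other_added": {c: v for c, v in added.items() if c != code},
    }


def persistent_orphans(before, after):
    """Entries flagged as missing-file by HijackThis in both scans."""
    b, a = parse_hjt(before), parse_hjt(after)
    found = []
    for code in sorted(set(b) & set(a), key=_order):
        for entry in sorted(b[code] & a[code]):
            if entry.endswith(ORPHAN_MARKERS):
                found.append(f"{code} - {entry}")
    return found


if __name__ == "__main__":
    result = check_fix(BEFORE, AFTER, "O15")
    print("O15 cleared:", len(result["cleared"]))
    print("O15 remaining:", result["remaining"])
    for line in persistent_orphans(BEFORE, AFTER):
        print("still orphaned:", line)
```
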
lucacul
Posted: Friday, February 06, 2009 3:21:55 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
I'm adding a log from LopSD


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Default System BIOS
USER : pc ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:57 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 06/02/2009|15.17 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\pc\IMPOST~1\Temp\nsw4BB.tmp
Deleted! - C:\Programmi\BitDownload\session.store
Deleted! - C:\Programmi\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
Deleted! - C:\Programmi\BitTorrent Fastest Tool\INSTALL.LOG
Deleted! - C:\WINDOWS\Tasks\B11566C09AD71B74.job
Deleted! - C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grid Blue Memo Site
Deleted! - C:\DOCUME~1\pc\DATIAP~1\kindsa~1
Deleted! - C:\Programmi\kindsa~1
Deleted! - C:\Programmi\Adverts
Deleted! - C:\Programmi\BitDownload
Deleted! - C:\Programmi\BitTorrent Fastest Tool
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[24/01/2008|14.17] C:\DOCUME~1\ADMINI~1\DATIAP~1\DivX
[24/01/2008|13.42] C:\DOCUME~1\ADMINI~1\DATIAP~1\Identities
[14/11/2008|19.15] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[24/01/2008|13.43] C:\DOCUME~1\ADMINI~1\DATIAP~1\Real
[24/01/2008|14.24] C:\DOCUME~1\ADMINI~1\DATIAP~1\Sun
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[7|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[18/02/2008|20.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[19/01/2009|15.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[19/01/2009|15.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[05/02/2009|14.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[23/03/2008|19.12] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVS4YOU
[04/02/2007|21.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\BVRP Software
[12/01/2008|15.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CanonBJ
[12/01/2008|15.53] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CanonIJPLM
[26/05/2008|19.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Corel
[23/01/2007|16.29] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[18/02/2008|20.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\FLEXnet
[18/06/2007|14.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[22/01/2007|00.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Macromedia
[22/01/2007|00.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Macrovision
[14/11/2008|20.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[15/11/2008|10.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\McNeel
[07/04/2008|20.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[01/07/2008|19.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[07/01/2008|20.11] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NVIDIA
[07/01/2008|20.28] C:\DOCUME~1\ALLUSE~1\DATIAP~1\nView_Profiles
[01/04/2008|20.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[24/11/2008|19.22] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[05/10/2008|12.12] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TVU Networks
[03/05/2008|12.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Winamp Toolbar
[19/03/2007|19.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[18/03/2008|23.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[28|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[18/01/2007|13.03] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[14/11/2008|18.54] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[15/05/2008|17.49] C:\DOCUME~1\LUCA90~1\DATIAP~1\Adobe
[11/06/2008|07.27] C:\DOCUME~1\LUCA90~1\DATIAP~1\AdobeUM
[15/11/2008|13.22] C:\DOCUME~1\LUCA90~1\DATIAP~1\AVGTOOLBAR
[15/01/2008|21.18] C:\DOCUME~1\LUCA90~1\DATIAP~1\CyberLink
[28/02/2008|19.01] C:\DOCUME~1\LUCA90~1\DATIAP~1\DivX
[06/01/2008|15.37] C:\DOCUME~1\LUCA90~1\DATIAP~1\Identities
[27/12/2008|21.54] C:\DOCUME~1\LUCA90~1\DATIAP~1\InstallShield
[29/02/2008|13.50] C:\DOCUME~1\LUCA90~1\DATIAP~1\InterTrust
[06/01/2009|12.26] C:\DOCUME~1\LUCA90~1\DATIAP~1\LG Electronics
[15/05/2008|17.49] C:\DOCUME~1\LUCA90~1\DATIAP~1\Macromedia
[01/04/2008|20.53] C:\DOCUME~1\LUCA90~1\DATIAP~1\Media Player Classic
[14/11/2008|19.15] C:\DOCUME~1\LUCA90~1\DATIAP~1\Microsoft
[09/09/2008|16.41] C:\DOCUME~1\LUCA90~1\DATIAP~1\Mozilla
[06/06/2008|16.16] C:\DOCUME~1\LUCA90~1\DATIAP~1\Real
[20/04/2008|13.04] C:\DOCUME~1\LUCA90~1\DATIAP~1\vlc
[10/09/2008|17.47] C:\DOCUME~1\LUCA90~1\DATIAP~1\Winamp
[0|File] C:\DOCUME~1\LUCA90~1\DATIAP~1\byte
[18|Directory] C:\DOCUME~1\LUCA90~1\DATIAP~1\byte disponibili

[14/11/2008|18.54] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[09/10/2008|20.24] C:\DOCUME~1\pc\DATIAP~1\Adobe
[30/01/2007|19.38] C:\DOCUME~1\pc\DATIAP~1\AdobeUM
[14/11/2008|22.26] C:\DOCUME~1\pc\DATIAP~1\AVGTOOLBAR
[23/03/2008|19.12] C:\DOCUME~1\pc\DATIAP~1\AVS4YOU
[02/02/2009|19.05] C:\DOCUME~1\pc\DATIAP~1\BitTorrent
[26/05/2008|19.21] C:\DOCUME~1\pc\DATIAP~1\Corel
[24/01/2007|22.47] C:\DOCUME~1\pc\DATIAP~1\CyberLink
[27/03/2008|19.58] C:\DOCUME~1\pc\DATIAP~1\DAEMON Tools
[25/02/2007|18.14] C:\DOCUME~1\pc\DATIAP~1\DivX
[06/02/2009|15.17] C:\DOCUME~1\pc\DATIAP~1\DNA
[03/04/2008|19.47] C:\DOCUME~1\pc\DATIAP~1\GetRightToGo
[18/01/2007|13.12] C:\DOCUME~1\pc\DATIAP~1\Identities
[24/01/2007|19.35] C:\DOCUME~1\pc\DATIAP~1\InstallShield
[02/06/2007|13.46] C:\DOCUME~1\pc\DATIAP~1\InterTrust
[24/01/2008|16.40] C:\DOCUME~1\pc\DATIAP~1\LaCie
[06/01/2009|22.01] C:\DOCUME~1\pc\DATIAP~1\LG Electronics
[17/11/2008|22.10] C:\DOCUME~1\pc\DATIAP~1\LimeWire
[22/01/2007|00.38] C:\DOCUME~1\pc\DATIAP~1\Macromedia
[14/11/2008|20.08] C:\DOCUME~1\pc\DATIAP~1\Malwarebytes
[26/05/2008|15.17] C:\DOCUME~1\pc\DATIAP~1\Microsoft
[01/09/2008|20.04] C:\DOCUME~1\pc\DATIAP~1\Mozilla
[20/06/2007|08.58] C:\DOCUME~1\pc\DATIAP~1\Opera
[06/04/2008|10.31] C:\DOCUME~1\pc\DATIAP~1\Real
[01/07/2008|20.01] C:\DOCUME~1\pc\DATIAP~1\Registry Booster
[28/03/2008|15.19] C:\DOCUME~1\pc\DATIAP~1\SecuROM
[17/11/2008|22.16] C:\DOCUME~1\pc\DATIAP~1\Shareaza
[22/06/2008|18.06] C:\DOCUME~1\pc\DATIAP~1\SQLyog
[25/04/2007|09.05] C:\DOCUME~1\pc\DATIAP~1\Sun
[30/10/2008|11.24] C:\DOCUME~1\pc\DATIAP~1\TeamViewer
[16/04/2008|20.17] C:\DOCUME~1\pc\DATIAP~1\TVU networks
[01/07/2008|18.48] C:\DOCUME~1\pc\DATIAP~1\Uniblue
[20/11/2007|13.26] C:\DOCUME~1\pc\DATIAP~1\vlc
[04/05/2008|09.23] C:\DOCUME~1\pc\DATIAP~1\Winamp
[0|File] C:\DOCUME~1\pc\DATIAP~1\byte
[35|Directory] C:\DOCUME~1\pc\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[24/01/2009 23.05][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[06/02/2009 14.35][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 11.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[19/08/2004 14.39][--ahs----] C:\WINDOWS\tasks\FOLDER.TSX

--------------------\\ Listing Folders in C:\Programmi

[09/02/2007|15.47] C:\Programmi\3DO
[19/06/2008|11.33] C:\Programmi\Activision
[18/02/2008|20.42] C:\Programmi\Adobe
[14/11/2008|23.39] C:\Programmi\Adzgalore Games Collection
[21/01/2007|23.45] C:\Programmi\Ahead
[14/11/2008|18.36] C:\Programmi\AimOne Video Converter
[27/03/2008|19.26] C:\Programmi\Alcohol Soft
[19/01/2009|15.19] C:\Programmi\Apple Software Update
[01/02/2009|21.20] C:\Programmi\AskBarDis
[01/02/2009|21.20] C:\Programmi\AskSearch
[23/01/2007|16.36] C:\Programmi\AutoPatcher
[18/06/2007|11.09] C:\Programmi\Avanquest update
[14/11/2008|18.56] C:\Programmi\AVG
[23/03/2008|19.11] C:\Programmi\AVS4YOU
[23/03/2008|21.30] C:\Programmi\A-Z
[04/07/2008|12.47] C:\Programmi\Beach Soccer
[27/10/2007|15.40] C:\Programmi\Bethesda Softworks
[19/11/2008|16.00] C:\Programmi\BitComet
[01/02/2009|21.21] C:\Programmi\BitTorrent
[18/02/2008|20.23] C:\Programmi\Bonjour
[12/01/2008|15.53] C:\Programmi\Canon
[12/01/2008|15.48] C:\Programmi\CanonBJ
[13/11/2008|22.00] C:\Programmi\CCleaner
[18/01/2007|13.00] C:\Programmi\ComPlus Applications
[24/06/2008|09.33] C:\Programmi\Conduit
[26/05/2008|19.02] C:\Programmi\Corel
[23/01/2007|16.29] C:\Programmi\CyberLink
[27/03/2008|20.01] C:\Programmi\DAEMON Tools Lite
[26/05/2007|08.06] C:\Programmi\Deamm
[02/06/2007|13.47] C:\Programmi\DigitalImageDevice
[25/02/2007|18.06] C:\Programmi\DivX
[07/10/2007|15.27] C:\Programmi\DK
[06/02/2009|14.37] C:\Programmi\DNA
[27/12/2008|22.26] C:\Programmi\Effects
[30/03/2008|18.53] C:\Programmi\Eidos
[28/03/2008|14.45] C:\Programmi\Electronic Arts
[24/01/2009|17.48] C:\Programmi\eMule
[14/11/2008|18.44] C:\Programmi\ESET
[19/01/2009|15.20] C:\Programmi\File comuni
[11/03/2007|17.59] C:\Programmi\FX Uninstall Information
[20/02/2007|18.19] C:\Programmi\Gaelco Multimedia
[28/03/2008|15.18] C:\Programmi\GameSpy
[23/06/2008|20.33] C:\Programmi\GameSpy Arcade
[25/02/2007|18.06] C:\Programmi\Google
[27/12/2008|22.09] C:\Programmi\Guillemot
[27/12/2008|22.09] C:\Programmi\Hercules
[23/01/2007|16.39] C:\Programmi\HighMAT CD Writing Wizard
[20/01/2009|21.44] C:\Programmi\HWiNFO32
[08/05/2007|16.57] C:\Programmi\Imperivm - Le Grandi Bataglie di Roma
[06/01/2009|12.31] C:\Programmi\InstallShield Installation Information
[01/04/2008|20.52] C:\Programmi\Internet Explorer
[21/01/2007|23.38] C:\Programmi\Java
[31/08/2008|19.06] C:\Programmi\KavaClan Group
[21/01/2007|23.33] C:\Programmi\K-Lite Codec Pack
[24/01/2008|16.39] C:\Programmi\LaCie
[08/12/2008|19.19] C:\Programmi\Lavalys
[06/01/2009|12.25] C:\Programmi\LG PC Suite
[22/01/2007|00.38] C:\Programmi\Macromedia
[24/11/2008|22.03] C:\Programmi\Maxis
[22/01/2007|10.55] C:\Programmi\Messenger
[08/12/2007|10.25] C:\Programmi\Messenger Plus! Live
[18/01/2007|13.04] C:\Programmi\microsoft frontpage
[02/02/2008|10.49] C:\Programmi\Microsoft Games
[21/01/2007|23.35] C:\Programmi\Microsoft Office
[21/01/2007|23.35] C:\Programmi\Microsoft Visual Studio
[21/01/2007|23.35] C:\Programmi\Microsoft Works
[21/01/2007|23.36] C:\Programmi\Microsoft.NET
[18/06/2007|11.08] C:\Programmi\Motorola Phone Tools
[18/01/2007|13.01] C:\Programmi\Movie Maker
[06/02/2009|14.50] C:\Programmi\Mozilla Firefox
[23/01/2007|16.46] C:\Programmi\MSBuild
[18/01/2007|13.00] C:\Programmi\MSN Gaming Zone
[18/03/2008|23.08] C:\Programmi\MSN Messenger
[23/01/2007|16.53] C:\Programmi\MSXML 4.0
[27/12/2008|22.20] C:\Programmi\Music
[24/01/2007|19.36] C:\Programmi\NAMCO BANDAI Games
[18/01/2007|13.02] C:\Programmi\NetMeeting
[29/03/2008|18.53] C:\Programmi\OpenAL
[07/02/2008|13.41] C:\Programmi\Outlook Express
[01/01/2009|18.20] C:\Programmi\playlists
[19/01/2009|15.20] C:\Programmi\QuickTime
[21/11/2007|16.25] C:\Programmi\Real
[18/01/2007|13.30] C:\Programmi\Realtek
[23/01/2007|16.43] C:\Programmi\Reference Assemblies
[01/04/2008|19.56] C:\Programmi\Sacred Edizione Oro
[27/12/2008|22.18] C:\Programmi\Samples
[18/01/2007|13.02] C:\Programmi\Servizi in linea
[17/11/2008|22.16] C:\Programmi\Shareaza
[27/12/2008|22.18] C:\Programmi\Skins
[24/11/2008|19.27] C:\Programmi\Spybot - Search & Destroy
[22/06/2008|18.14] C:\Programmi\SQLyog Community
[23/01/2007|16.54] C:\Programmi\Strumento di rimozione malware
[27/10/2007|14.48] C:\Programmi\THQ
[05/10/2008|14.12] C:\Programmi\TVUPlayer
[18/01/2007|13.12] C:\Programmi\Uninstall Information
[22/01/2007|00.43] C:\Programmi\UPHClean
[18/06/2007|10.48] C:\Programmi\U-Storage Tool2.901
[09/02/2007|15.45] C:\Programmi\Vegas Games 2000 Demo
[27/12/2008|22.18] C:\Programmi\VideoEffects
[27/12/2008|22.18] C:\Programmi\VideoTransitions
[01/12/2008|16.37] C:\Programmi\VirtualDJ
[25/06/2007|09.06] C:\Programmi\WIDCOMM
[14/11/2008|15.14] C:\Programmi\Winamp
[03/05/2008|12.33] C:\Programmi\Winamp Toolbar
[18/03/2008|23.07] C:\Programmi\Windows Live
[01/05/2007|16.45] C:\Programmi\Windows Live Safety Center
[07/02/2008|13.41] C:\Programmi\Windows Media Player
[18/01/2007|13.00] C:\Programmi\Windows NT
[18/01/2007|13.02] C:\Programmi\WindowsUpdate
[27/03/2008|20.00] C:\Programmi\WinRAR
[01/04/2008|19.39] C:\Programmi\WoW-BurningCrusade-enUS-Full-Installer
[18/01/2007|13.04] C:\Programmi\xerox
[23/03/2008|21.33] C:\Programmi\XviD
[13/11/2008|22.00] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[116|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[18/02/2008|20.23] C:\Programmi\File comuni\Adobe
[21/01/2007|23.48] C:\Programmi\File comuni\Adobe Systems Shared
[21/01/2007|23.44] C:\Programmi\File comuni\Ahead
[19/01/2009|15.20] C:\Programmi\File comuni\Apple
[23/03/2008|19.12] C:\Programmi\File comuni\AVSMedia
[26/05/2008|19.03] C:\Programmi\File comuni\Corel
[21/01/2007|23.35] C:\Programmi\File comuni\DESIGNER
[07/10/2007|10.08] C:\Programmi\File comuni\InstallShield
[21/01/2007|23.37] C:\Programmi\File comuni\Java
[22/01/2007|00.38] C:\Programmi\File comuni\Macromedia Shared
[18/02/2008|20.03] C:\Programmi\File comuni\Macrovision Shared
[23/03/2008|19.10] C:\Programmi\File comuni\Microsoft Shared
[18/01/2007|13.01] C:\Programmi\File comuni\MSSoap
[18/01/2007|13.55] C:\Programmi\File comuni\ODBC
[26/05/2008|19.08] C:\Programmi\File comuni\Protexis
[06/04/2008|10.44] C:\Programmi\File comuni\Real
[18/01/2007|13.02] C:\Programmi\File comuni\Services
[18/01/2007|13.55] C:\Programmi\File comuni\SpeechEngines
[02/03/2007|15.19] C:\Programmi\File comuni\SWF Studio
[07/02/2008|13.41] C:\Programmi\File comuni\System
[18/03/2008|23.07] C:\Programmi\File comuni\WindowsLiveInstaller
[06/04/2008|10.44] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[24|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 15:18:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\HERETiC.txt
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\Registry Booster
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\RegistryBooster.exe
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\SpeedUpMyPC 2.0
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\Uniblue.url
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinBackup 2.0 Standard
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinTasks 5 Professional
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\Registry Booster\Registry Booster.doc
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\Registry Booster\Registry Booster.url
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\Registry Booster\registryboosterdstbyb.exe
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\SpeedUpMyPC 2.0\SpeedUpMyPC 2.0.doc
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\SpeedUpMyPC 2.0\SpeedUpMyPC 2.0.url
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\SpeedUpMyPC 2.0\speedupmypctrial.exe
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinBackup 2.0 Standard\WinBackup 2.0 Standard.doc
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinBackup 2.0 Standard\WinBackup 2.0 Standard.url
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinBackup 2.0 Standard\winbackup2std.exe
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinTasks 5 Professional\WinTasks 5 Professional.doc
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinTasks 5 Professional\WinTasks 5 Professional.url
C:\DOCUME~1\pc\Desktop\Uniblue Registry Booster v2.0 + Crack\WinTasks 5 Professional\wintaskspro2.exe
C:\DOCUME~1\pc\Documenti\Downloads\Fairlight\PES2008 CRACK-ViTALiTY
C:\DOCUME~1\pc\Documenti\Downloads\Fairlight\PES2008 CRACK-ViTALiTY\memory.JPG
C:\DOCUME~1\pc\Documenti\Downloads\Fairlight\PES2008 CRACK-ViTALiTY\Thumbs.db


[F:375][D:17]-> C:\DOCUME~1\pc\IMPOST~1\Temp
[F:79][D:0]-> C:\DOCUME~1\pc\Cookies
[F:187][D:28]-> C:\DOCUME~1\pc\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/02/2009|15.16 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 06/02/2009|15.19 - Option : [2]

--------------------\\ Scan completed at 15.19.39
shapiro
Posted: Friday, February 06, 2009 3:56:16 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Uninstall the Ask Toolbar.

Start HJT and fix these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll

O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)

Press Fix checked.


Download Malwarebytes:


http://www.malwarebytes.org/mbam/program/mbam-setup.exe



1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT delete any threats it detects
5) when the scan has finished, select the log tab, open the text file and post it on the forum



Did you clean the trusted zone as I told you?
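
The entries listed in the post above can be grouped by what they point to, which makes clear why they are fixed together. The following Python is an added example, not part of the original post or of HijackThis; the helper names `parse_entry` and `triage` are hypothetical, and the sample input is the six log lines copied from the post.

```python
import re
from urllib.parse import urlparse
# Sample input: the six entries copied from the post above.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O23 - Service: Print Spooler Service (eeenpuub) - Unknown owner - C:\WINDOWS\system32\nqln.exe (file missing)
"""

# Meaning of the HijackThis section codes used in that post.
SECTIONS = {"R1": "IE search URL", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O23": "Windows service"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entry(line):
    """Parse one HijackThis line (hypothetical helper); None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "kind": SECTIONS.get(code, "other"), "notes": []}
    if code.startswith("R"):
        entry["key"], _, url = body.partition(" = ")
        entry["host"] = urlparse(url).hostname
        return entry
    path = body.rsplit(" - ", 1)[-1]      # file path is the last field
    if path.endswith("(file missing)"):
        entry["notes"].append("file missing")
        path = path[: -len("(file missing)")].rstrip()
    if " - Unknown owner - " in body:
        entry["notes"].append("unknown owner")
    entry["path"] = path
    return entry

def triage(log_text):
    """Group entries by what they point to (hypothetical helper)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    summary = {"hosts": set(), "modules": {}, "orphaned_services": []}
    for e in entries:
        if e["code"].startswith("R"):
            summary["hosts"].add(e["host"])
        elif e["code"] in ("O2", "O3"):
            summary["modules"].setdefault(e["path"].lower(), []).append(e["code"])
        elif e["code"] == "O23" and "file missing" in e["notes"]:
            summary["orphaned_services"].append(e["path"])
    return entries, summary
```

For these lines, `triage(SAMPLE)` reports one redirect host, one DLL registered as both BHO and toolbar, and one service whose binary is missing.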

lucacul
Posted: Friday, February 06, 2009 4:06:06 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
I uninstalled Ask... as for the trusted sites, they are no longer there and I don't know what happened... but I did as you said... thanks a lot for your help, now I'll install the program you mentioned
shapiro
Posted: Friday, February 06, 2009 4:30:55 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
As soon as Malwarebytes has finished, post me the report.
lucacul
Posted: Friday, February 06, 2009 4:33:50 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
Listen shapiro, I wanted to ask you a few things... one is that in Task Manager the allocated memory gets eaten up to 529 M... and sometimes goes past that... of which Firefox eats a good 100.000 kb, what can I do??? It's extremely slow...
shapiro
Posted: Friday, February 06, 2009 4:48:51 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Try this:

open Firefox and type about:config in the address bar

A list will appear. Scroll until you find browser.sessionhistory.max_total_viewers, right-click it, choose Modify and change the value from -1 to 0
lucacul
Posted: Friday, February 06, 2009 4:50:33 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
Done, I set it to 0, and now???
shapiro
Posted: Friday, February 06, 2009 4:51:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
See whether you still have the high CPU problem and whether the PC recovers.
lucacul
Posted: Friday, February 06, 2009 4:55:24 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
No, ugh... I'm really fed up with this PC... allocated memory is always around 530 M... I have 512 of RAM... you're my salvation... also because I can't work with 1000 things open and it can't handle Photoshop... which is very annoying... given that it used to be lightning fast... ugh... anyway, thanks again for your time
shapiro
Posted: Friday, February 06, 2009 4:57:22 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Set the value back to what it was, that is, to 1.

Then tell me which other processes have high CPU usage besides Firefox.

lucacul
Posted: Friday, February 06, 2009 5:03:27 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
firefox with 90.000 kb
system 62.000
rthdcpl.exe 23.000
mbam.exe 20.000 (that's fine because it's still scanning...)
svchost.exe 20.000
explorer.exe 17.000
avgrsx.exe 14.000

etc...

in total 43 processes, allocated memory 570....
shapiro
Posted: Friday, February 06, 2009 5:08:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Try ending the Firefox process and see whether it gets faster.
lucacul
Posted: Friday, February 06, 2009 5:14:00 PM
Rank: Newbie

Joined: 11/14/2008
Posts: 0
If by speed you mean getting to 416 M of memory, then fine... anyway, for a while now Firefox hasn't even been remembering my passwords... I mean, they are saved, but every time I restart it, it makes me log in again... could it be a virus in Firefox???
shapiro
Posted: Friday, February 06, 2009 5:19:21 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Have you been updating Firefox regularly? Which version do you have?


Try running the scan I asked you for earlier, so we can get a clear picture.