Aiutamici Forum

Log check
tiziano64
Posted: Wednesday, February 18, 2009 1:39:09 PM
Rank: AiutAmico

Joined: 4/7/2001
Posts: 113
Can you check my log for me? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 13.37.14, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\rnamfler\naomf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE
C:\documents and settings\trl\impostazioni locali\dati applicazioni\ioacuss.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\rnamfler\naofsvc.exe
c:\programmi\rnamfler\radprcmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\TRL\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "C:\DOCUME~1\TRL\IMPOST~1\Temp\E_S83.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ioacuss] "c:\documents and settings\trl\impostazioni locali\dati applicazioni\ioacuss.exe" ioacuss
O4 - Startup: Mostra Desktop.scf
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198241364468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198268135155
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Servizio di Google Update (gupdate1c991034ed57a34) (gupdate1c991034ed57a34) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

shapiro
Posted: Wednesday, February 18, 2009 1:55:45 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and install it.
Restart the computer in safe mode: at startup, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu will appear
=> choose safe mode
(use the arrow key ^

run Navilog1 and choose option 4, enter the name ioacuss and confirm it by typing it again when asked.

At this point it will clean the PC of the infected files.
When it finishes, restart the PC in normal mode

From normal mode, empty C:\WINDOWS\Prefetch

Clean temporary files and cookies with CCleaner (run it twice).

http://www.filehippo.com/download_ccleaner/

Start HijackThis with all applications closed, click Do a system scan only, then check and remove (fix checked) the following lines:

O4 - HKCU\..\Run: [ioacuss] "c:\documents and settings\trl\impostazioni locali\dati applicazioni\ioacuss.exe" ioacuss



download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT delete any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log
linkin
Posted: Wednesday, February 18, 2009 2:18:40 PM

Rank: AiutAmico

Joined: 1/4/2008
Posts: 427
Sorry to butt in!
Shapiro, you have a PM.
Sorry again!
tiziano64
Posted: Wednesday, February 18, 2009 11:32:42 PM
Rank: AiutAmico

Joined: 4/7/2001
Posts: 113
I think I did everything correctly; I am sending the logs
as requested.
Thanks


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : TRL ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:189 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 18/02/2009|23.17 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\TRL\IMPOST~1\Temp\msgpl_092e.tmp
Deleted! - C:\DOCUME~1\TRL\IMPOST~1\Temp\msgpl_0d1f.tmp
Deleted! - C:\DOCUME~1\TRL\IMPOST~1\Temp\msgpl_74e4.tmp
Deleted! - C:\DOCUME~1\TRL\IMPOST~1\Temp\msgpl_e229.tmp
Deleted! - C:\DOCUME~1\TRL\IMPOST~1\Temp\msgpl_e81f.tmp

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[23/10/2008|14.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[25/03/2008|14.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ahead
[21/12/2007|19.01] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[21/12/2007|19.02] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[31/01/2009|14.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avg8
[26/01/2008|14.03] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVS4YOU
[07/01/2009|22.35] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVSVideoBurner
[12/08/2008|13.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Azureus
[05/02/2009|20.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[24/12/2007|16.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Elaborate Bytes
[24/01/2009|16.29] C:\DOCUME~1\ALLUSE~1\DATIAP~1\EmailNotifier
[01/07/2008|20.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\EPSON
[17/02/2009|15.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google Updater
[23/10/2008|14.35] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Karen's Power Tools
[15/07/2008|17.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Lavasoft
[26/08/2008|10.50] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MAGIX
[18/02/2009|23.02] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[17/02/2009|15.53] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[18/02/2009|14.15] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[26/02/2008|15.06] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[23/10/2008|14.20] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[23/10/2008|16.15] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NOS
[03/02/2009|13.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NtiDvdCopy
[07/08/2008|11.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\nView_Profiles
[11/01/2009|22.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[02/02/2009|21.35] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle
[02/02/2009|21.35] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle Studio
[24/03/2008|19.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SlySoft
[02/02/2009|21.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SmartSound Software Inc
[21/12/2007|13.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Sonic
[06/01/2008|21.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[22/09/2008|20.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[23/12/2007|10.13] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[10/08/2008|16.10] C:\DOCUME~1\ALLUSE~1\DATIAP~1\wmp
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[36|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[21/12/2007|12.49] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[23/07/2008|18.53] C:\DOCUME~1\LOCALS~1\DATIAP~1\Adobe
[15/07/2008|21.06] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[29/12/2007|23.13] C:\DOCUME~1\NETWOR~1\DATIAP~1\Identities
[15/07/2008|21.06] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[02/02/2008|15.44] C:\DOCUME~1\TRL\DATIAP~1\.Tribler
[25/11/2008|22.30] C:\DOCUME~1\TRL\DATIAP~1\Adobe
[23/07/2008|18.50] C:\DOCUME~1\TRL\DATIAP~1\AdobeUM
[21/12/2007|22.57] C:\DOCUME~1\TRL\DATIAP~1\Ahead
[21/12/2007|19.04] C:\DOCUME~1\TRL\DATIAP~1\Apple Computer
[02/02/2008|15.35] C:\DOCUME~1\TRL\DATIAP~1\Arctic
[08/02/2009|17.05] C:\DOCUME~1\TRL\DATIAP~1\Auslogics
[11/02/2009|21.43] C:\DOCUME~1\TRL\DATIAP~1\AVS4YOU
[26/01/2008|13.52] C:\DOCUME~1\TRL\DATIAP~1\AVSMedia
[12/08/2008|15.35] C:\DOCUME~1\TRL\DATIAP~1\Azureus
[06/04/2008|16.26] C:\DOCUME~1\TRL\DATIAP~1\Comodo
[28/12/2008|00.27] C:\DOCUME~1\TRL\DATIAP~1\COWON
[21/12/2008|09.38] C:\DOCUME~1\TRL\DATIAP~1\dvdcss
[29/06/2008|18.15] C:\DOCUME~1\TRL\DATIAP~1\Eltima Software
[24/01/2009|14.42] C:\DOCUME~1\TRL\DATIAP~1\EmailNotifier
[08/02/2008|23.05] C:\DOCUME~1\TRL\DATIAP~1\FrostWire
[26/01/2008|13.51] C:\DOCUME~1\TRL\DATIAP~1\GetRight
[26/01/2008|13.51] C:\DOCUME~1\TRL\DATIAP~1\GetRightToGo
[09/01/2008|16.46] C:\DOCUME~1\TRL\DATIAP~1\Google
[21/12/2007|18.43] C:\DOCUME~1\TRL\DATIAP~1\Help
[22/12/2007|14.00] C:\DOCUME~1\TRL\DATIAP~1\HP
[29/12/2007|23.13] C:\DOCUME~1\TRL\DATIAP~1\Identities
[03/01/2008|16.15] C:\DOCUME~1\TRL\DATIAP~1\InfraRecorder
[26/01/2008|14.03] C:\DOCUME~1\TRL\DATIAP~1\InstallShield
[26/12/2007|10.13] C:\DOCUME~1\TRL\DATIAP~1\InterTrust
[28/12/2007|23.14] C:\DOCUME~1\TRL\DATIAP~1\JLC's Software
[13/04/2008|22.01] C:\DOCUME~1\TRL\DATIAP~1\LimeWire
[21/12/2007|13.46] C:\DOCUME~1\TRL\DATIAP~1\Macromedia
[26/08/2008|10.50] C:\DOCUME~1\TRL\DATIAP~1\MAGIX
[18/02/2009|23.02] C:\DOCUME~1\TRL\DATIAP~1\Malwarebytes
[29/12/2007|18.15] C:\DOCUME~1\TRL\DATIAP~1\Media Player Classic
[24/01/2009|14.44] C:\DOCUME~1\TRL\DATIAP~1\Megaupload
[28/10/2008|22.19] C:\DOCUME~1\TRL\DATIAP~1\Microsoft
[01/01/2008|23.33] C:\DOCUME~1\TRL\DATIAP~1\mIRC
[05/01/2008|18.25] C:\DOCUME~1\TRL\DATIAP~1\MixMeister Technology
[26/08/2008|09.03] C:\DOCUME~1\TRL\DATIAP~1\Mozilla
[26/02/2008|15.06] C:\DOCUME~1\TRL\DATIAP~1\MSN6
[27/08/2008|13.13] C:\DOCUME~1\TRL\DATIAP~1\Nero
[03/01/2009|14.05] C:\DOCUME~1\TRL\DATIAP~1\Opera
[26/01/2008|14.04] C:\DOCUME~1\TRL\DATIAP~1\PgcEdit
[28/04/2008|20.20] C:\DOCUME~1\TRL\DATIAP~1\Real
[24/03/2008|20.08] C:\DOCUME~1\TRL\DATIAP~1\RipIt4Me
[24/12/2007|16.43] C:\DOCUME~1\TRL\DATIAP~1\SlySoft
[22/12/2007|14.11] C:\DOCUME~1\TRL\DATIAP~1\Sun
[20/12/2008|14.39] C:\DOCUME~1\TRL\DATIAP~1\Thinstall
[02/12/2008|13.25] C:\DOCUME~1\TRL\DATIAP~1\U3
[26/01/2008|14.03] C:\DOCUME~1\TRL\DATIAP~1\UpdateStar
[14/02/2009|14.49] C:\DOCUME~1\TRL\DATIAP~1\uTorrent
[31/12/2007|14.58] C:\DOCUME~1\TRL\DATIAP~1\vlc
[04/01/2009|16.27] C:\DOCUME~1\TRL\DATIAP~1\Vso
[30/12/2007|17.12] C:\DOCUME~1\TRL\DATIAP~1\WinRAR
[04/12/2008|21.00] C:\DOCUME~1\TRL\DATIAP~1\XnView
[26/09/2008|13.28] C:\DOCUME~1\TRL\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~1\TRL\DATIAP~1\byte
[55|Directory] C:\DOCUME~1\TRL\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/02/2009 22.53][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[18/02/2009 22.54][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[24/01/2009 16.28][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[20/01/2009 20.37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[18/02/2009 22.53][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 11.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[23/02/2008|11.45] C:\Programmi\Add-Remove Master
[23/10/2008|14.04] C:\Programmi\Adobe
[21/12/2007|19.01] C:\Programmi\Apple Software Update
[20/03/2008|19.02] C:\Programmi\Audacity
[15/07/2008|21.30] C:\Programmi\AVG
[26/12/2008|10.24] C:\Programmi\AVIConverter
[08/02/2009|00.02] C:\Programmi\AviSynth 2.5
[08/02/2009|16.36] C:\Programmi\AVS4YOU
[26/01/2008|14.05] C:\Programmi\AVSMedia
[13/08/2008|16.11] C:\Programmi\Azureus
[21/12/2007|22.27] C:\Programmi\CCleaner
[21/02/2008|23.38] C:\Programmi\CD Audio MP3 Converter
[21/02/2008|23.37] C:\Programmi\CD to MP3 Maker
[30/11/2008|19.16] C:\Programmi\Ciemmesoft
[21/12/2007|13.09] C:\Programmi\C-Media 3D Audio
[26/01/2008|13.52] C:\Programmi\Colorful Movie Editor
[26/12/2007|10.18] C:\Programmi\Common Files
[06/04/2008|16.26] C:\Programmi\COMODO
[21/12/2007|12.47] C:\Programmi\ComPlus Applications
[15/07/2008|21.40] C:\Programmi\Crawler
[26/01/2008|14.04] C:\Programmi\Cucusoft
[20/04/2008|18.24] C:\Programmi\Disclib
[29/12/2007|18.25] C:\Programmi\DivX
[21/12/2007|20.05] C:\Programmi\DVD Shrink
[29/12/2008|18.23] C:\Programmi\DVDFab Platinum
[23/10/2008|14.24] C:\Programmi\EasyBurning
[24/12/2007|17.23] C:\Programmi\Elaborate Bytes
[21/12/2007|13.31] C:\Programmi\EPSON
[12/02/2009|13.49] C:\Programmi\EPSON Print CD
[26/01/2008|14.02] C:\Programmi\Er Finestra
[21/12/2007|22.33] C:\Programmi\EXPStudio
[18/02/2009|14.11] C:\Programmi\File comuni
[29/06/2008|18.15] C:\Programmi\FontUtilities
[27/06/2008|18.38] C:\Programmi\FontViewer
[21/12/2007|22.31] C:\Programmi\FreeRIP2
[02/12/2008|13.21] C:\Programmi\FreeUndelete
[09/02/2008|00.53] C:\Programmi\FrostWire
[17/02/2009|14.25] C:\Programmi\Google
[21/12/2007|13.39] C:\Programmi\Hewlett-Packard
[27/06/2008|18.30] C:\Programmi\Horizon5
[21/12/2007|13.39] C:\Programmi\HP
[15/12/2008|22.45] C:\Programmi\inKline Global
[02/02/2009|21.26] C:\Programmi\InstallShield Installation Information
[31/01/2009|14.10] C:\Programmi\Internet Explorer
[08/01/2009|22.29] C:\Programmi\Java
[26/10/2008|19.14] C:\Programmi\JLC's Software
[23/10/2008|14.35] C:\Programmi\Karen's Power Tools
[15/07/2008|17.52] C:\Programmi\Lavasoft
[26/01/2008|14.05] C:\Programmi\LimeWire(3)
[26/08/2008|10.50] C:\Programmi\MAGIX
[18/02/2009|23.02] C:\Programmi\Malwarebytes' Anti-Malware
[20/04/2008|18.50] C:\Programmi\Media Catalog Studio
[05/10/2008|09.02] C:\Programmi\Messenger
[17/02/2009|15.45] C:\Programmi\Messenger Plus! Live
[21/12/2007|22.08] C:\Programmi\Micrografx
[18/02/2009|14.15] C:\Programmi\Microsoft
[21/12/2007|17.49] C:\Programmi\Microsoft ActiveSync
[30/12/2007|00.37] C:\Programmi\Microsoft CAPICOM 2.1.0.2
[21/12/2007|12.50] C:\Programmi\microsoft frontpage
[21/12/2007|17.47] C:\Programmi\Microsoft Office
[22/10/2008|19.41] C:\Programmi\Microsoft Silverlight
[21/12/2007|17.48] C:\Programmi\Microsoft Visual Studio
[09/07/2008|12.28] C:\Programmi\MixMeister Express 6
[05/10/2008|08.55] C:\Programmi\Movie Maker
[18/02/2009|23.15] C:\Programmi\Mozilla Firefox
[21/02/2008|23.38] C:\Programmi\mp3cd
[03/01/2008|14.26] C:\Programmi\MP3Gain
[07/05/2008|12.42] C:\Programmi\MSBuild
[21/12/2007|12.47] C:\Programmi\MSN
[21/12/2007|12.46] C:\Programmi\MSN Gaming Zone
[18/02/2009|14.16] C:\Programmi\MSN Messenger
[21/12/2007|20.09] C:\Programmi\MSXML 4.0
[07/05/2008|12.38] C:\Programmi\MSXML 6.0
[24/03/2008|16.02] C:\Programmi\mTIRC
[18/02/2009|22.50] C:\Programmi\Navilog1
[26/01/2008|14.05] C:\Programmi\NEC
[23/10/2008|14.20] C:\Programmi\Nero
[05/10/2008|08.49] C:\Programmi\NetMeeting
[29/12/2008|18.52] C:\Programmi\NewTech Infosystems
[23/10/2008|16.15] C:\Programmi\NOS
[29/12/2007|17.49] C:\Programmi\Nuclear Coffee
[26/01/2008|14.04] C:\Programmi\OpenLibraries
[04/01/2009|00.16] C:\Programmi\Opera
[06/10/2008|11.21] C:\Programmi\Outlook Express
[06/01/2009|16.18] C:\Programmi\PFConfig
[24/01/2009|16.29] C:\Programmi\Photo Story 3 for Windows
[02/02/2009|21.27] C:\Programmi\Pinnacle
[21/12/2007|19.02] C:\Programmi\QuickTime
[07/05/2008|12.41] C:\Programmi\Reference Assemblies
[13/02/2008|12.23] C:\Programmi\Rinera Networks
[18/02/2009|14.05] C:\Programmi\rnamfler
[21/12/2007|12.47] C:\Programmi\Servizi in linea
[02/05/2008|12.43] C:\Programmi\Shareaza Applications
[04/01/2009|18.06] C:\Programmi\SIW
[29/06/2008|18.15] C:\Programmi\SlySoft
[21/06/2008|17.22] C:\Programmi\Smart Projects
[02/02/2009|21.26] C:\Programmi\SmartSound Software
[08/02/2009|16.44] C:\Programmi\Sophos
[05/01/2008|23.07] C:\Programmi\Spybot - Search & Destroy
[26/01/2008|14.05] C:\Programmi\StudioLine Photo Basic
[26/01/2008|14.03] C:\Programmi\SystemRequirementsLab
[26/01/2008|14.03] C:\Programmi\TELE2
[26/01/2008|14.05] C:\Programmi\The FilmMachine
[02/02/2008|15.46] C:\Programmi\Tribler
[28/01/2009|12.57] C:\Programmi\UnderCoverXP
[26/12/2007|10.18] C:\Programmi\Uninstall Information
[22/09/2008|22.32] C:\Programmi\uTorrent
[31/12/2007|14.57] C:\Programmi\VideoLAN
[28/03/2008|13.29] C:\Programmi\VisualTaskTips
[10/08/2008|16.11] C:\Programmi\WebMediaPlayer
[24/01/2009|16.29] C:\Programmi\Windows Defender
[18/02/2009|14.15] C:\Programmi\Windows Live
[18/02/2009|14.14] C:\Programmi\Windows Live SkyDrive
[24/01/2009|16.49] C:\Programmi\Windows Media Connect 2
[24/01/2009|16.49] C:\Programmi\Windows Media Player
[05/10/2008|08.49] C:\Programmi\Windows NT
[21/12/2007|13.50] C:\Programmi\WindowsUpdate
[24/03/2008|23.08] C:\Programmi\WinPcap
[30/12/2007|17.11] C:\Programmi\WinRAR
[21/12/2007|18.43] C:\Programmi\WinZip
[21/12/2007|12.50] C:\Programmi\xerox
[28/12/2008|00.29] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[124|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[23/10/2008|14.04] C:\Programmi\File comuni\Adobe
[23/10/2008|14.25] C:\Programmi\File comuni\Ahead
[08/02/2009|16.37] C:\Programmi\File comuni\AVSMedia
[21/12/2007|17.48] C:\Programmi\File comuni\Designer
[21/12/2007|13.34] C:\Programmi\File comuni\Hewlett-Packard
[21/12/2007|13.42] C:\Programmi\File comuni\HP
[12/10/2008|21.10] C:\Programmi\File comuni\InstallShield
[21/12/2007|17.55] C:\Programmi\File comuni\Java
[21/12/2007|17.45] C:\Programmi\File comuni\L&H
[31/08/2008|16.42] C:\Programmi\File comuni\MAGIX Shared
[18/02/2009|14.15] C:\Programmi\File comuni\Microsoft Shared
[21/12/2007|12.47] C:\Programmi\File comuni\MSSoap
[04/11/2008|21.50] C:\Programmi\File comuni\muvee Technologies
[23/10/2008|14.20] C:\Programmi\File comuni\Nero
[04/11/2008|21.49] C:\Programmi\File comuni\NewTech Infosystems
[21/12/2007|11.40] C:\Programmi\File comuni\ODBC
[28/04/2008|20.20] C:\Programmi\File comuni\Real
[06/10/2008|11.21] C:\Programmi\File comuni\Services
[21/12/2007|13.42] C:\Programmi\File comuni\Sonic Shared
[21/12/2007|11.39] C:\Programmi\File comuni\SpeechEngines
[06/10/2008|11.21] C:\Programmi\File comuni\System
[18/02/2009|14.11] C:\Programmi\File comuni\Windows Live
[15/07/2008|21.21] C:\Programmi\File comuni\Wise Installation Wizard
[28/04/2008|20.20] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[26|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 23:19:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

C:\Programmi\WebMediaPlayer
C:\Programmi\WebMediaPlayer\resources
C:\Programmi\WebMediaPlayer\skins
C:\Programmi\WebMediaPlayer\sqlite3.dll
C:\Programmi\WebMediaPlayer\uninst.exe
C:\Programmi\WebMediaPlayer\updates
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer\Condizioni generali.url
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer\Disinstalla.lnk
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer\Riservatezza.url
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer\WebMediaPlayer.lnk
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\WebMediaPlayer\Website.url

C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\aeqks.dat
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\aeqks.exe
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\aeqks_nav.dat
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\aeqks_navps.dat
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\ioacuss.dat
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\ioacuss.exe
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\ioacuss_nav.dat
C:\DOCUME~1\TRL\IMPOST~1\DATIAP~1\ioacuss_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\TRL\Desktop\Fonts\Windows_XP_Keygen_(WWW.CRACK-LOCATOR.ORG).zip
C:\DOCUME~1\TRL\Desktop\Fonts\Fonts zip C\christmas_on_crack.zip
C:\DOCUME~1\TRL\Desktop\Fonts\Fonts zip C\crackaddict.zip
C:\DOCUME~1\TRL\Desktop\Fonts\Fonts zip C\crackdown.zip
C:\DOCUME~1\TRL\Desktop\Fonts\Fonts zip C\crackman.zip
C:\DOCUME~1\TRL\Desktop\Fonts\Fonts zip C\crack_babies.zip


[F:322][D:8]-> C:\DOCUME~1\TRL\IMPOST~1\Temp
[F:7][D:0]-> C:\DOCUME~1\TRL\Cookies
[F:8][D:2]-> C:\DOCUME~1\TRL\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/02/2009|23.14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/02/2009|23.20 - Option : [2]

--------------------\\ Scan completed at 23.20.36



New log. HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 23.27.09, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\rnamfler\naomf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\rnamfler\radprcmp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\rnamfler\naofsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Java\jre6\bin\java.exe
C:\Documents and Settings\TRL\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "C:\DOCUME~1\TRL\IMPOST~1\Temp\E_S83.tmp" /EF "HKCU"
O4 - Startup: Mostra Desktop.scf
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198241364468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198268135155
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Servizio di Google Update (gupdate1c991034ed57a34) (gupdate1c991034ed57a34) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


shapiro
Posted: Thursday, February 19, 2009 10:00:35 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You should have posted the Navilog report for me.

You still have infections on the PC.

Why didn't you run Malwarebytes?

Carefully carry out these steps:

Download Malwarebytes


http://www.malwarebytes.org/mbam/program/mbam-setup.exe



1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT delete any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum



___


Restart the computer in Safe Mode, run Navilog1, choose option 2 (Automatic Cleaning) and confirm with OK (it will clean the infected files it found).
When it finishes, restart the PC in normal mode.

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Empty C:\WINDOWS\Prefetch

Run Navilog again in normal mode (option 1) and make sure no other files show up. If nothing shows up, you can uninstall Navilog1.

Post the report it gives you.


Most likely the source of some of the infections is WebMediaPlayer.

If you want my advice, remove it from the PC; after that, the choice is yours.

tiziano64
Posted: Thursday, February 19, 2009 9:37:29 PM
Rank: AiutAmico

Joined: 4/7/2001
Posts: 113
This should be the right one

Search Navipromo version 3.7.4 began on 19/02/2009 at 21.32.57,64

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 16.02.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : TRL ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:189 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\TRL\datiap~1" ***


*** Search folders in "C:\Documents and Settings\TRL\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\TRL\menuav~1\progra~1" ***


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\TRL\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\TRL\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 19/02/2009 at 21.33.59,98 ***
shapiro
Posted: Thursday, February 19, 2009 9:53:47 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
This is the second time I've asked you for the Malwarebytes scan.

Can you redo the scan with LopSD for me?

http://eric.71.mespages.googlepages.com/LopSD.exe