
Trojan

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Trojan

Post by mosvy » 18/02/09 18:18

A white X on a red background has suddenly appeared in the system tray with a fake "Warning Security Report" alert, and clicking on it with either the right or left mouse button starts a fake scan! It's certainly a trojan, but I can't get rid of it. What should I do? Do I really have to format?
mosvy
Junior Member

Posts: 25
Joined: 28/12/07 14:21


Re: Trojan

Post by shel » 18/02/09 19:06

Hi

Format? Don't even think about it (everyone wants to format...)

Download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing the full scan mode
4) do NOT remove, for now, any threats it detects
5) when the scan is finished, select the Log tab, open the text file and post it on the forum

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected from the internet
double-click LopSD
choose the language E (Enter)
1 (search) Enter

when the scan is finished, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan

Post by mosvy » 18/02/09 19:19

Thanks.. I'm already running the Malwarebytes scan, it's been 40 minutes already......
I'll wait patiently, then I'll move on to the other scan...
mosvy
Junior Member

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by mosvy » 18/02/09 21:00

Here are the scans, in order: Malwarebytes, Lop1, Lop2 and HijackThis:
Malwarebytes' Anti-Malware 1.34
Versione del database: 1775
Windows 5.1.2600 Service Pack 3

18/02/2009 19.48.49
mbam-log-2009-02-18 (19-48-41).txt

Tipo di scansione: Scansione completa (C:\|K:\|)
Elementi scansionati: 200365
Tempo trascorso: 1 hour(s), 13 minute(s), 27 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 1
Valori di registro infetti: 11
Elementi dato del registro infetti: 13
Cartelle infette: 3
File infetti: 18

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Documents and Settings\Mauro\Impostazioni locali\Temp\wndutl32.dll (Trojan.FakeAlert) -> No action taken.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Programmi\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Programmi\CMVideoPlugin (Trojan.BHO) -> No action taken.

File infetti:
C:\Documents and Settings\Mauro\Impostazioni locali\Temp\wndutl32.dll (Trojan.FakeAlert) -> No action taken.
K:\Utility\EvID4226Patch223d-en\EvID4226Patch.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\svc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\admparseh.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\runsql.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\sv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\svzip.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\svw.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Mauro\Dati applicazioni\config.cfg (Malware.Trace) -> No action taken.
C:\Documents and Settings\Mauro\Dati applicazioni\~tmp.html (Malware.Trace) -> No action taken.
C:\WINDOWS\odb.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> No action taken.



Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Default System BIOS
USER : Mauro ( Administrator )
BOOT : Normal boot
Antivirus : Sistema Antivirus NOD32 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:390 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (Local Disk) - NTFS - Total:232 Go (Free:90 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 18/02/2009|19.51 )

--------------------\\ Listing folders in DATIAP~1

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/02/2009 16.21][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1563985344-1801674531-1003.job
[18/02/2009 17.58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

--------------------\\ Listing Folders in C:\Programmi\File comuni

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Mauro\IMPOST~1\Temp\nsb1388.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 19:56:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack
C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack.torrent
C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack\Adobe After Effects CS3 Professional 2008 PC + Crack.uif
C:\DOCUME~1\Mauro\Documenti\Torrent\Garmin City Navigator Europe NT 2009 (Mapsource Version)\GMSCNENT2009\KeyGen v1.5
C:\DOCUME~1\Mauro\Documenti\Torrent\Garmin City Navigator Europe NT 2009 (Mapsource Version)\GMSCNENT2009\KeyGen v1.5\garmin_keygen_v1.5.exe


[F:15][D:3]-> C:\DOCUME~1\Mauro\IMPOST~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Mauro\Cookies
[F:10][D:4]-> C:\DOCUME~1\Mauro\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/02/2009|19.58 - Option : [1]

--------------------\\ Scan completed at 19.58.35



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Default System BIOS
USER : Mauro ( Administrator )
BOOT : Normal boot
Antivirus : Sistema Antivirus NOD32 2.70 2.70 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:390 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 18/02/2009|20.44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Mauro\IMPOST~1\Temp\nsb1388.tmp

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/02/2009 20.06][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1563985344-1801674531-1003.job
[18/02/2009 17.58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

--------------------\\ Listing Folders in C:\Programmi\File comuni

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 20:49:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack
C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack.torrent
C:\DOCUME~1\Mauro\Documenti\Torrent\Adobe After Effects CS3 Professional 2008 PC + Crack\Adobe After Effects CS3 Professional 2008 PC + Crack.uif
C:\DOCUME~1\Mauro\Documenti\Torrent\Garmin City Navigator Europe NT 2009 (Mapsource Version)\GMSCNENT2009\KeyGen v1.5
C:\DOCUME~1\Mauro\Documenti\Torrent\Garmin City Navigator Europe NT 2009 (Mapsource Version)\GMSCNENT2009\KeyGen v1.5\garmin_keygen_v1.5.exe


[F:11][D:2]-> C:\DOCUME~1\Mauro\IMPOST~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Mauro\Cookies
[F:10][D:4]-> C:\DOCUME~1\Mauro\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/02/2009|19.58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/02/2009|20.51 - Option : [2]

--------------------\\ Scan completed at 20.51.07


Logfile of HijackThis v1.99.1
Scan saved at 20.56.38, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mauro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pspgame.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DEDBBA2-4A68-4631-BFAC-B8F0D868F94B}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: bw+0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

Waiting confidently...
Thanks
mosvy
Junior Member

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by shel » 18/02/09 21:24

You're full of infections - restart Malwarebytes and remove everything

meanwhile I'll check HijackThis
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan

Post by mosvy » 18/02/09 22:04

After running those scans I only saved the logs and didn't remove anything, yet the icon on the taskbar has disappeared!
The odd thing is that I can't open Task Manager because (with the right mouse button) it's greyed out and won't activate, and I also can't get into the registry, Start>Run> regedit...the response is "Registry editing has been disabled by your administrator"...
How do I get it back?
I'll do the Malwarebytes scan tomorrow because right now it would take me too much time; last time it took 1h 13min.
Let me know..
mosvy
Junior Member

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by shel » 18/02/09 22:06

your userinit is dirty too

follow carefully what you'll need to do

Open the registry -> Start / Run, type regedit and click OK
Go to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Click on the winlogon folder and, in the right-hand pane, find "Userinit"

Under "data" you'll see:

C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

Double-click "userinit" and, in the window that opens, select and delete ONLY:

C:\WINDOWS\system32\ntos.exe, comma included

CAUTION: do not delete everything, otherwise the computer will no longer be able to restart!!!


Close the registry, go to the C:\WINDOWS\system32 folder, find and delete the file ntos.exe,

Restart the system, post a new HijackThis log and we'll finish the fixes
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56
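The log lines shel is reading here (the F2 UserInit entry, the O4 autoruns, the O7 DisableRegedit policy and the O1 Hosts redirect) can be checked mechanically. As an added example, not part of this thread, the Python script below parses a handful of lines copied from the log posted above and reports what deviates from a stock XP install; the STOCK_USERINIT value and the finding names are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""

# Assumption: the only entry a stock Windows XP install carries in Winlogon\Userinit.
# Anything appended after it (here ntos.exe) is launched by winlogon at every logon.
STOCK_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def split_userinit(value: str) -> List[str]:
    """Split the comma-separated Userinit value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def check_userinit(value: str) -> List[str]:
    """Every Userinit entry that is not the stock userinit.exe (case-insensitive)."""
    return [e for e in split_userinit(value) if e.lower() != STOCK_USERINIT.lower()]


def clean_userinit(value: str) -> str:
    """What the value should look like after the fix: stock entry only, trailing comma kept."""
    kept = [e for e in split_userinit(value) if e.lower() == STOCK_USERINIT.lower()]
    return ",".join(kept or [STOCK_USERINIT]) + ","


def first_executable(cmd: str) -> str:
    """Pull the executable path out of an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return the entries that deviate from a stock XP install."""
    findings: List[Dict[str, str]] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "F2" and body.startswith("REG:system.ini: UserInit="):
            for extra in check_userinit(body.split("=", 1)[1]):
                findings.append({"kind": "userinit_extra", "detail": extra, "line": raw})
        elif section == "O1" and body.startswith("Hosts: "):
            ip, _, host = body[len("Hosts: "):].partition(" ")
            if ip not in ("127.0.0.1", "::1"):  # redirect to a foreign address, not a block entry
                findings.append({"kind": "hosts_redirect", "detail": f"{host} -> {ip}", "line": raw})
        elif section == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Startup-folder entries have a different shape and are ignored here
            name, exe = o4.group("name"), first_executable(o4.group("cmd"))
            # An autorun named "userinit" that points anywhere but the real userinit.exe
            # borrows a system component's name to hide in the list.
            if name.lower() == "userinit" and exe.lower() != STOCK_USERINIT.lower():
                findings.append({"kind": "lookalike_autorun", "detail": exe, "line": raw})
            # RunServices is a Windows 9x-era key that XP does not process itself;
            # software that writes it anyway deserves a look.
            if o4.group("key").lower().startswith("runservices"):
                findings.append({"kind": "runservices_autorun", "detail": exe, "line": raw})
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append({"kind": "regedit_disabled", "detail": body.split(",")[0], "line": raw})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:20} {f['detail']}")
```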

Re: Trojan

Post by shel » 18/02/09 22:10

After running those scans I only saved the logs and didn't remove anything


but do you read what I write to you?

you need to restart Malwarebytes and remove everything it found - once that's done, follow very carefully what I told you in the previous post
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan

Post by shel » 18/02/09 22:28

if you can't get into the registry read here


http://forum.mrwebmaster.it/software/30 ... itato.html
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan

Post by mosvy » 18/02/09 23:04

After running the second scan with Malwarebytes and removing everything, I restarted the PC and the registry keys you pointed out to me are gone (the program itself must have removed them)! And the "ntos.exe" file is no longer in the C:\WINDOWS\system32 directory.

Malwarebytes restored the registry!

I'll keep waiting a while longer...

Here's the other HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 22.58.25, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mauro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pspgame.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mauro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DEDBBA2-4A68-4631-BFAC-B8F0D868F94B}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: bw+0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {97685C2E-11A6-45C9-8080-4F76990627D9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
mosvy
Junior User

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by shel » 18/02/09 23:16

download Avenger from here

http://swandog46.geekstogo.com/avenger.zip

install it and run it

Copy and paste into the "Input script here" window the text in red exactly as it is written:

files to delete:
C:\WINDOWS\system32\admparseh.exe
C:\WINDOWS\system32\ntos.exe


Tick "Automatically disable any rootkits found"

click the "Execute" button
The PC should reboot by itself; if it doesn't, reboot it manually

post the Avenger log that you will find in c:\


Start Hijackthis and click "do a system scan only"
Tick these entries and click "fix checked"


R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} -

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



Just as a precaution

go to the key I pointed you to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Click the winlogon folder and, in the right-hand pane, find "Userinit"

check whether it reads exactly as I wrote it

C:\WINDOWS\system32\userinit.exe, comma included and nothing after the comma

shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
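The entries shel asks to have fixed (hosts-file redirects, autoruns pointing at the two dropped executables, the DisableRegedit policy, an orphaned URLSearchHook) and the Userinit check he describes can be scripted as a small triage pass over a HijackThis log. This is an added example written for this thread, not code from the original post and not part of HijackThis or Avenger; the sample log lines are the ones quoted above plus one constructed benign autorun, and the watchlisted file names are taken from shel's Avenger script.

```python
"""Triage helper for HijackThis-style log lines and the Winlogon Userinit value.

Added example for this thread; the watchlisted file names and sample lines come
from shel's post, the final benign O4 line is constructed for contrast.
"""
import re

# File names shel's Avenger script deletes (from the post, not a general list).
WATCHLIST = {"ntos.exe", "admparseh.exe"}

# The only Userinit value shel accepts: one path, trailing comma, nothing after.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# Hosts-file targets that are not redirections (loopback / blackhole).
LOCAL_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample input: the lines shel listed plus one benign autorun.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} -
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\admparseh.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O4 - HKLM\..\Run: [ExampleUpdater] C:\Programmi\Example\updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^(?P<key>.+), (?P<policy>\w+)=(?P<value>\S+)$")


def exe_basename(cmd):
    """Lowercase file name of the first .exe token in a command line ('' if none)."""
    m = re.search(r'([^\\\s"]+\.exe)', cmd, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage_line(line):
    """Return a reason string if the HijackThis line deserves attention, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O1" and body.startswith("Hosts: "):
        # Hosts entries pointing well-known names at a remote IP are hijacks.
        ip, _, host = body[len("Hosts: "):].partition(" ")
        if ip not in LOCAL_IPS:
            return f"hosts file redirects {host} to {ip}"
    elif sec == "O4":
        o4 = O4_RE.match(body)
        if o4:
            exe = exe_basename(o4.group("cmd"))
            if exe in WATCHLIST:
                return f"autorun [{o4.group('name')}] launches watchlisted {exe}"
    elif sec == "O7":
        # Policies that lock the user out of regedit are a classic tamper sign.
        o7 = O7_RE.match(body)
        if o7 and o7.group("policy") == "DisableRegedit" and o7.group("value") == "1":
            return "registry editor disabled by policy"
    elif sec == "R3" and body.startswith("URLSearchHook:") and body.endswith(" -"):
        return "URLSearchHook points to no file (orphaned entry)"
    return None


def triage_log(text):
    """Triage every line of a log; returns a list of (line, reason) pairs."""
    findings = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


def userinit_ok(value):
    """True only if Userinit is exactly the expected path with nothing after the comma."""
    return value.strip().lower() == EXPECTED_USERINIT.lower()


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
    print("Userinit OK:", userinit_ok(r"C:\WINDOWS\system32\userinit.exe,"))
```

The Userinit comparison is deliberately exact: a second path appended after the comma is how the infection re-launches itself at logon, so "starts with the right path" would pass a tampered value.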

Re: Trojan

Post by mosvy » 18/02/09 23:32

Here is the Avenger log:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\admparseh.exe" not found!
Deletion of file "C:\WINDOWS\system32\admparseh.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ntos.exe" not found!
Deletion of file "C:\WINDOWS\system32\ntos.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


In HijackThis I found only the first 3 entries; the others are gone.
mosvy
Junior User

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by mosvy » 18/02/09 23:33

In: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
the userinit value is written exactly as you said, comma included.....
mosvy
Junior User

Posts: 25
Joined: 28/12/07 14:21

Re: Trojan

Post by shel » 18/02/09 23:41

In: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
the userinit value is written exactly as you said, comma included.....


the important thing is that there is nothing after the comma
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Trojan

Post by mosvy » 20/02/09 18:20

I wanted to thank "shel" immensely for the invaluable help the other evening! I think a small program like Malwarebytes is worth keeping at hand and "running" every now and then... or am I wrong?
May I ask whether there is other software you would recommend?
Thanks.
mosvy
Junior User

Posts: 25
Joined: 28/12/07 14:21
