possibile virus ntuser.dat

**leapon75** · 02-12-2010, 01:48

Salve,

forse virus sul mio pc,mi sono comparse delle icone sul desktop e modificata la home di mozilla.

restartato il sistema in modalità provvisoria e lanciato sia hijackthis e AVG.

Hijackthis ha fornito l'output :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = serprx101rm001.services.external.local:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programmi\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSe l.exe
O4 - HKLM\..\Run: [ProductReg] C:\Programmi\Acer\WR_PopUp\ProductReg.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Programmi\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Programmi\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Programmi\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [vmware-tray] D:\Virtual machine\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "D:\Virtual machine\hqtray.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SimHID.lnk = C:\Programmi\Distec\SimHID\SimHID.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Programmi\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Programmi\File comuni\SPBA\homefus2.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programmi\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Programmi\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Programmi\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Virtual machine\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Virtual machine\vmware-authd.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 15393 bytes

AVG ha eliminato un pò di file NTUSER.dat del tipo :

C:\Documents and Settings\Administrator\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\Administrator\ntuser.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\All Users\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\All Users\NTUSER.DAT.LOG File bloccato. Non verificato.
C:\pagefile.sys File bloccato. Non verificato.

C:\WINDOWS\system32\config\default File bloccato. Non verificato.
C:\WINDOWS\system32\config\default.LOG File bloccato. Non verificato. ryptnetU
C:\WINDOWS\system32\config\SAM File bloccato. Non verificato. rosoft\CryptnetU
C:\WINDOWS\system32\config\SAM.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\software File bloccato. Non verificato.
C:\WINDOWS\system32\config\software.LOG File bloccato. Non verificato. yptnetU
C:\WINDOWS\system32\config\system File bloccato. Non verificato.
C:\WINDOWS\system32\config\system.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\drivers\sptd.sys File bloccato. Non verificato.

Sapreste dirmi se ho eliminato il virus o meno ???

Grazie in anticipo.

**alberto_summers** · 02-12-2010, 12:24

difficile dire quando un virus è stato rimosso ... però ti consiglio alcune cose di buon senso: mai fare la scansione da Windows (usa un CD di boot come http://www.ubcd4win.com/ )

Tieni conto che Windows blocca alcuni file - il che è necessario, ma problematico soprattutto se il virus resta nel file di swap

**SkinBonno** · 02-12-2010, 17:41

Ciao, riesegui una scansione con Hijack da modalità normale e posta il risultato. POI

Scarica e installa Malwarebytes . Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna eventuale minaccia rilevata, aspetta nostre conferme.

**leapon75** · 04-12-2010, 20:33

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\Acer Bio Protection\BASVC.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\Apoint2K\ApMsgFwd.exe
C:\Programmi\Apoint2K\HidFind.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Virtual machine\hqtray.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Acer Bio Protection\PwdBank.exe
C:\DOCUME~1\Leandro\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Java\jre6\bin\jucheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...ravelmate_5730
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = serprx101rm001.services.external.local:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programmi\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSe l.exe
O4 - HKLM\..\Run: [ProductReg] C:\Programmi\Acer\WR_PopUp\ProductReg.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Programmi\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Programmi\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Programmi\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [VMware hqtray] "D:\Virtual machine\hqtray.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Programmi\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Programmi\File comuni\SPBA\homefus2.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programmi\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Programmi\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Programmi\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Programmi\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Virtual machine\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Virtual machine\vmware-authd.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

**SkinBonno** · 04-12-2010, 21:35

Disinstalla tutte le Toolbar che trovi in Installazione applicazioni. Poi riesegui una scansione con Hijack, seleziona le caselle di queste voci e premi Fix Checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = serprx101rm001.services.external.local:8080
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Continua con la scansione con Malwarebytes, Poi hai una versione obsoleta di AVG, la 8, fossi in te aggiornerei alla 10.

**leapon75** · 04-12-2010, 21:43

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/12/2010 20.41.22
mbam-log-2010-12-04 (20-41-22).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 234082
Tempo trascorso: 53 minuti, 6 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 14
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 1
File infetti: 8

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller. 1 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA (Adware.Hotbar) -> No action taken.

File infetti:
C:\Documents and Settings\Leandro\Impostazioni locali\Temp\GLKD4.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Leandro\Impostazioni locali\Temp\emulex.exe (Trojan.Autoit) -> No action taken.
C:\Programmi\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken.

**leapon75** · 04-12-2010, 21:49

Originariamente inviato da SkinBonno
Disinstalla tutte le Toolbar che trovi in Installazione applicazioni. Poi riesegui una scansione con Hijack, seleziona le caselle di queste voci e premi Fix Checked:

Continua con la scansione con Malwarebytes, Poi hai una versione obsoleta di AVG, la 8, fossi in te aggiornerei alla 10.

Fatto, grazie !!!

**SkinBonno** · 04-12-2010, 22:51

Malwarebytes non era aggiornato, comunque cancella ciò che ha trovato, poi aggiornalo e riesegui una nuova scansione, postandomi il log. ti potrò dire qualcosa o stanotte o domani pomeriggio.

**leapon75** · 05-12-2010, 00:17

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/12/2010 23.16.16
mbam-log-2010-12-04 (23-16-16).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 258104
Tempo trascorso: 1 ore, 15 minuti, 3 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 27
Valori di registro infetti: 1
Voci infette nei dati di registro: 0
Cartelle infette: 1
File infetti: 8

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D1063603-F045-475F-AFBC-8CBA7D5797FB} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController. 1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{76D54105-99EB-4ecb-95B2-A944F50CC566} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{A3E67DAA-DA01-4DA5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{A3E67DAA-DA01-4DA5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{A3E67DAA-DA01-4DA5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D95C7240-0282-4c01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extens ions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
c:\documents and settings\all users\dati applicazioni\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.

File infetti:
c:\documents and settings\Leandro\impostazioni locali\Temp\GLKD4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Leandro\impostazioni locali\Temp\emulex.exe (Trojan.Autoit) -> Quarantined and deleted successfully.
c:\programmi\mozilla firefox\plugins\npclntax_hotbarsa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

**leapon75** · 05-12-2010, 01:22

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versione database: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05/12/2010 0.21.40
mbam-log-2010-12-05 (00-21-40).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 257691
Tempo trascorso: 57 minuti, 47 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Discussione: possibile virus ntuser.dat

Strumenti discussione

Ricerca discussione

Visualizza

possibile virus ntuser.dat

scansione con AntiMalware

nuova scansione post eliminazione file infetti

Permessi di invio