si,ad adware lo ho sempre avuto....pero' di solito beccava solo dei tracking cookie cmq ora ti posto il log che mi da...quasi quasi mi sono deciso a formattare dato che sto virus e' troppo un macello da espiantare...le guide che ho trovato per toglierlo ti fanno scaricare la bellezza di 7 programmi tra antivirus,anty spyware,pulitori di registro,etcetc e ti fanno fare 300000 cose un po' in modalita' provvisoria,un po' connesso,un po' no....cioe' e' una cosa pazzesca...e il bello e' che dove sono andato ci sono piu' di 5 guide diverse a seconda di che polimorfo del virus hai beccato ma in fondo c'e' scrtitto che non si sa se alla fine il processo funzionera' perche' ne escono in continuazione forme nuove...penso sia il virus piu' elaborato e inculatore del secolo....in ogni caso pero' rimane il problema all'avvio di windows che c'e' anche formattando e volevo capire in base agli errori che ho postato se dipende dall'hd danneggiato (in questo caso lo sostituirei per avere finalmente un sistema stabile) o da altro...grazie a tutti cmq per l'aiuto
Ad-Aware SE Build 1.06r1
Logfile Created on:martedì 3 ottobre 2006 11.37.06
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R124 19.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
03-10-2006 11.37.06 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 712
ThreadCreationTime : 03-10-2006 8.31.13
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 03-10-2006 8.31.16
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 03-10-2006 8.31.17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 03-10-2006 8.31.17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 03-10-2006 8.31.19
BasePriority : Normal
FileVersion : 6.14.10.4142
ProductVersion : 6.14.10.4142
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1060
ThreadCreationTime : 03-10-2006 8.31.19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1236
ThreadCreationTime : 03-10-2006 8.31.21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1308
ThreadCreationTime : 03-10-2006 8.31.21
BasePriority : Normal
FileVersion : 6.14.10.4142
ProductVersion : 6.14.10.4142
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1572
ThreadCreationTime : 03-10-2006 8.31.24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:10 [avp.exe]
FilePath : C:\Programmi\AOL\Active Virus Shield\
ProcessID : 1684
ThreadCreationTime : 03-10-2006 8.31.25
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Active Virus Shield
CompanyName : AOL
FileDescription : Active Virus Shield
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 03-10-2006 8.31.28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [viritsvc.exe]
FilePath : C:\VEXPLITE\
ProcessID : 1948
ThreadCreationTime : 03-10-2006 8.31.28
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : TG Soft viritsvc
CompanyName : TG Soft Sas
http://www.tgsoft.it
FileDescription : VirIT eXplorer Service
InternalName : viritsvc
LegalCopyright : Copyright © 2006
OriginalFilename : viritsvc.exe
Comments : VirIT eXplorer Service -
http://www.tgsoft.it
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1872
ThreadCreationTime : 03-10-2006 8.31.36
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE
#:14 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1984
ThreadCreationTime : 03-10-2006 8.31.37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
#:15 [raid_tool.exe]
FilePath : C:\Programmi\VIA\RAID\
ProcessID : 2120
ThreadCreationTime : 03-10-2006 8.31.38
BasePriority : Normal
FileVersion : 4, 0, 6, 0
ProductVersion : 4, 0, 6, 0
ProductName : VIA RAID Tool
CompanyName : VIA Technologies
FileDescription : VIA RAID Tool
InternalName : raid_tool
LegalCopyright : Copyright (C) 2003
OriginalFilename : raid_tool.exe
#:16 [cnxdsltb.exe]
FilePath : C:\Programmi\Conexant\AccessRunner ADSL\
ProcessID : 2180
ThreadCreationTime : 03-10-2006 8.31.38
BasePriority : Normal
FileVersion : 2.099.057.000
ProductVersion : 2.099.057.000
ProductName : Conexant AccessRunner ADSL
CompanyName : Conexant Systems Inc.
FileDescription : TaskBar Application
LegalCopyright : © 1999-2002 Conexant Systems Inc.
#:17 [hpwuschd2.exe]
FilePath : C:\Programmi\HP\HP Software Update\
ProcessID : 2196
ThreadCreationTime : 03-10-2006 8.31.39
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:18 [ituneshelper.exe]
FilePath : C:\Programmi\iTunes\
ProcessID : 2220
ThreadCreationTime : 03-10-2006 8.31.39
BasePriority : Normal
FileVersion : 7.0.0.70
ProductVersion : 7.0.0.70
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:19 [daemon.exe]
FilePath : C:\Programmi\D-Tools\
ProcessID : 2228
ThreadCreationTime : 03-10-2006 8.31.39
BasePriority : Normal
#:20 [avp.exe]
FilePath : C:\Programmi\AOL\Active Virus Shield\
ProcessID : 2248
ThreadCreationTime : 03-10-2006 8.31.40
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Active Virus Shield
CompanyName : AOL
FileDescription : Active Virus Shield
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:21 [jusched.exe]
FilePath : C:\Programmi\Java\jre1.5.0_06\bin\
ProcessID : 2256
ThreadCreationTime : 03-10-2006 8.31.40
BasePriority : Normal
#:22 [cli.exe]
FilePath : C:\Programmi\ATI Technologies\ATI.ACE\
ProcessID : 2340
ThreadCreationTime : 03-10-2006 8.31.43
BasePriority : Normal
#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2352
ThreadCreationTime : 03-10-2006 8.31.44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:24 [msnmsgr.exe]
FilePath : C:\Programmi\MSN Messenger\
ProcessID : 2368
ThreadCreationTime : 03-10-2006 8.31.44
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:25 [msmsgs.exe]
FilePath : C:\Programmi\Messenger\
ProcessID : 2376
ThreadCreationTime : 03-10-2006 8.31.44
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:26 [hpqtra08.exe]
FilePath : C:\Programmi\HP\Digital Imaging\bin\
ProcessID : 2444
ThreadCreationTime : 03-10-2006 8.31.46
BasePriority : Normal
FileVersion : 45.4.157.000
ProductVersion : 045.004.157.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:27 [ipodservice.exe]
FilePath : C:\Programmi\iPod\bin\
ProcessID : 2644
ThreadCreationTime : 03-10-2006 8.31.50
BasePriority : Normal
FileVersion : 7.0.0.70
ProductVersion : 7.0.0.70
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:28 [hpqgalry.exe]
FilePath : C:\Programmi\HP\Digital Imaging\bin\
ProcessID : 2880
ThreadCreationTime : 03-10-2006 8.31.52
BasePriority : Normal
#:29 [cli.exe]
FilePath : C:\Programmi\ATI Technologies\ATI.ACE\
ProcessID : 3296
ThreadCreationTime : 03-10-2006 8.31.59
BasePriority : Normal
#:30 [cli.exe]
FilePath : C:\Programmi\ATI Technologies\ATI.ACE\
ProcessID : 3304
ThreadCreationTime : 03-10-2006 8.31.59
BasePriority : Normal
#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : 03-10-2006 8.57.03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [firefox.exe]
FilePath : C:\Programmi\Mozilla Firefox\
ProcessID : 3272
ThreadCreationTime : 03-10-2006 9.35.30
BasePriority : Normal
#:33 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2552
ThreadCreationTime : 03-10-2006 9.36.59
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : budu@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:budu@atdmt.com/
Expires : 01-10-2011 2.00.00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : budu@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:budu@statcounter.com/
Expires : 02-10-2011 10.51.02
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : budu@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:budu@doubleclick.net/
Expires : 02-10-2009 10.45.04
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Disk Scan Result for C:\DOCUME~1\BUDU\IMPOST~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3
MRU List Object Recognized!
Location: : C:\Documents and Settings\BUDU\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1801674531-682003330-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
11.38.37 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.01.30.409
Objects scanned:86524
Objects identified:3
Objects ignored:0
New critical objects:3