Aiutamici Forum

ADVERTISING WINDOWS THAT KEEP OPENING
ideamet
Posted: Wednesday, October 22, 2008 12:53:52 PM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
FOR SOME TIME NOW, WHEN I BROWSE, ADVERTISING WINDOWS OPEN. I'M SENDING YOU THE HIJACKTHIS LOG. BYE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.31.59, on 22/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hamlet\Adsl\dslstat.exe
C:\Program Files\Hamlet\Adsl\dslagent.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Programmi\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WheelMouse] C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BA4F36-826F-4FC7-BDA5-B8B388545060}: NameServer = 85.37.17.55 85.38.28.93
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)

--
End of file - 9138 bytes
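Added example (editor's code, not part of the original post and not output of HijackThis or any other tool named in this thread): the checks a log helper runs mentally on a HijackThis log, written down as a small Python triage script. It flags registered objects whose file is gone (`(no file)`), services with a missing binary or no publisher string, O4 autostarts that run from per-user data or Temp folders or with no directory at all, and O17 DNS entries for manual confirmation. The folder list and the reasons are the editor's heuristics. The sample input is an excerpt of the log posted above; the `[qkygmgu]` O4 line is constructed (it is not in the posted HijackThis log) from the `HKCU-Run-qkygmgu` orphan that ComboFix reports later in the thread, so that a positive hit is visible.

```python
"""Triage a HijackThis 2.x log: flag the entries a log helper checks first.

Heuristics only. A flag means "look at this", not "this is malware"; the final
call still needs the file itself (hash, signature, who wrote it).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every HijackThis finding is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# O4 bodies look like:  HKLM\..\Run: [Name] "C:\path\prog.exe" -args
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First token ending in an executable extension, for unquoted command lines.
EXE_RE = re.compile(r"(?i)(.*?\.(?:exe|com|scr|pif|bat|dll))(?:\s|$)")

# Per-user data folders and Temp: legitimate autostarts almost never live there,
# while 2008-era adware and droppers usually did. Italian XP folder names are
# listed next to the English ones because the posted log is from an Italian install.
SUSPICIOUS_DIRS = (
    "\\impostazioni locali\\dati applicazioni\\",
    "\\local settings\\application data\\",
    "\\impostazioni locali\\temp\\",
    "\\local settings\\temp\\",
    "\\dati applicazioni\\",
    "\\application data\\",
    "\\windows\\temp\\",
)


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the program path from an O4 command line, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def check_entry(code: str, body: str) -> list[str]:
    """Return the reasons (possibly none) that one log entry deserves a look."""
    reasons: list[str] = []
    low = body.lower()
    if "(no file)" in low:
        reasons.append("registered object whose file is gone (orphan; fix it)")
    if code == "O23":
        if "(file missing)" in low:
            reasons.append("service points at a missing binary")
        if "unknown owner" in low:
            reasons.append("service has no publisher string; identify the binary")
    if code == "O4":
        m = O4_RE.search(body)
        if m:
            path = executable_path(m.group("cmd")).lower()
            if "\\" not in path:
                reasons.append("autostart with no directory: found via PATH, typical of droppers")
            elif any(d in path for d in SUSPICIOUS_DIRS):
                reasons.append("autostart running from a user data or temp folder")
    if code == "O17":
        reasons.append("custom DNS servers; confirm they belong to your ISP (DNS-hijack check)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run check_entry over every finding line; header and process list are skipped."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = check_entry(m.group("code"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("code"), line, reasons))
    return findings


# Excerpt of the log posted above. The "[qkygmgu]" O4 line is constructed (not in
# the posted HijackThis log) from the HKCU-Run-qkygmgu orphan ComboFix reports later.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qkygmgu] C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\qkygmgu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BA4F36-826F-4FC7-BDA5-B8B388545060}: NameServer = 85.37.17.55 85.38.28.93
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {'; '.join(f.reasons)}")
        print(f"    {f.line}")
```

Run it against a full saved log with `triage(open("hijackthis.log").read())`. The O17 entry is always reported because the script cannot know which DNS servers the ISP hands out; in this thread the two addresses are in an Italian ISP range and the helper left them alone, which is the kind of judgement the script deliberately leaves to a person.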
r16
Posted: Wednesday, October 22, 2008 5:44:18 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi ideamet.
Download these 2 programs:
Download Malwarebytes' Anti-Malware and save it wherever you like: http://www.besttechie.net/tools/mbam-setup.exe

Double-click the mbam-setup.exe icon you saved and proceed with the installation.

Make sure both boxes are ticked: Update Malwarebytes' Anti-Malware and Launch, then click Finish.
On the first run a welcome message will appear; make sure your Internet connection is active and click OK.
Wait for the update to finish.
The main screen appears.
Click Scan.
It may take quite a while (depending on how infected the PC is), so you need a bit of patience.

When the scan finishes, click OK.

Make sure all the highlighted files are selected and click Remove Selected.

When disinfection is complete, Notepad will open with the result of the operation.
Post it here.
*********************************************************************************************************
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for it to finish.
Post a new HijackThis log, again in this topic.
Check whether the problem has been resolved.
ideamet
Posted: Thursday, October 23, 2008 9:29:47 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
OK r16, I did everything as you said, here is the result:
Malwarebytes' Anti-Malware log
Malwarebytes' Anti-Malware 1.30
Database version: 1308
Windows 5.1.2600 Service Pack 3

23/10/2008 8.34.48
mbam-log-2008-10-23 (08-34-48).txt

Scan type: Quick Scan
Objects scanned: 51217
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

ComboFix log

ComboFix 08-10-22.05 - Sergio & Maria 2008-10-23 8:47:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.596 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\oqysaddfpi_navfx.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\qkygmgu.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\qkygmgu.exe
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\qkygmgu_nav.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\qkygmgu_navps.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\rmynxlmpx.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\rmynxlmpx_nav.dat
C:\Documents and Settings\Sergio & Maria\Impostazioni locali\Dati applicazioni\rmynxlmpx_navps.dat
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\tmp65.tmp
C:\WINDOWS\system32\tmp66.tmp

.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))))))
.

2008-10-23 08:28 . 2008-10-23 08:28 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-23 08:28 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 08:28 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 08:19 . 2008-10-23 08:19 7,915 --a------ C:\WINDOWS\extend.dat
2008-10-23 08:14 . 2008-10-23 08:14 <DIR> d-------- C:\Documents and Settings\Sergio & Maria\Dati applicazioni\Malwarebytes
2008-10-23 08:14 . 2008-10-23 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-10 08:21 . 2008-10-10 08:28 7,843,486 --a------ C:\CurrentVersion.reg
2008-10-10 08:21 . 2008-10-10 08:27 16,224 --a------ C:\Tcpip.reg
2008-10-10 08:21 . 2008-10-10 08:27 306 --a------ C:\Afd.reg
2008-10-10 08:21 . 2008-10-10 08:27 236 --a------ C:\Ndis.reg
2008-10-07 09:03 . 2008-10-07 09:03 <DIR> d-------- C:\WINDOWS\Motive
2008-10-07 09:03 . 2008-10-07 09:03 <DIR> d-------- C:\Programmi\Telecom Italia
2008-10-07 09:02 . 2008-10-07 09:02 <DIR> d-------- C:\Programmi\File comuni\Motive
2008-10-07 09:02 . 2008-10-07 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Motive
2008-10-07 09:01 . 2008-10-07 09:01 <DIR> d-------- C:\Programmi\Motive
2008-10-02 10:50 . 2008-10-06 15:53 3,218 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-09-24 08:25 . 2008-09-24 08:25 <DIR> d-------- C:\Programmi\File comuni\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 06:45 200,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-23 06:45 17,166,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-23 06:26 --------- d-----w C:\Documents and Settings\Sergio & Maria\Dati applicazioni\uTorrent
2008-10-20 10:24 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-10-20 06:26 --------- d-----w C:\Programmi\Spyware Terminator
2008-10-20 06:26 --------- d-----w C:\Documents and Settings\Sergio & Maria\Dati applicazioni\Spyware Terminator
2008-10-19 09:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-10-18 20:35 7,562,806 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-18 17:08 --------- d-----w C:\Programmi\eMule
2008-10-18 10:26 --------- d-----w C:\Programmi\0 setup
2008-10-18 09:40 --------- d-----w C:\Programmi\ENCICLOPEDIA MEDICA 2007
2008-10-18 09:40 --------- d-----w C:\Programmi\Bonjour
2008-10-18 09:34 --------- d-----w C:\Programmi\Yahoo!
2008-10-10 06:35 --------- d-----w C:\Programmi\WinClamAVShield
2008-10-07 07:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-07 07:03 --------- d-----w C:\Programmi\Alice ti aiuta
2008-10-02 22:51 232,960 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-01 06:52 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-09-30 22:35 2,141,184 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-09-30 22:35 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-09-26 06:23 --------- d-----w C:\Programmi\Google
2008-09-24 07:49 --------- d-----w C:\Programmi\DivX
2008-09-24 06:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-24 06:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-24 06:24 --------- d-----w C:\Programmi\File comuni\Real
2008-09-21 15:52 --------- d-----w C:\Programmi\Team6 game studios
2008-09-20 21:43 2,667,008 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-09-02 10:43 --------- d-----w C:\Programmi\Any to Icon
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-11 22:34 2,202,624 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-11 22:34 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-07-31 22:08 987,648 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 22:08 1,388,544 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-31 07:40 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-28 22:58 1,383,424 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-27 23:26 1,382,400 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-27 23:26 1,351,680 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-11 16:17 1,704,787 -c--a-w C:\Programmi\mirc631.rar
2005-05-20 06:16 188 ----a-w C:\Programmi\mp3mymp3data.lst
2005-05-18 11:27 1,564 -c--a-w C:\Programmi\README.txt
2002-12-09 12:58 2,446 -c--a-w C:\Programmi\ChangeLog.txt
2002-12-09 12:10 114,688 -c--a-w C:\Programmi\AVIPreview.exe
1999-04-16 09:28 151,552 -c--a-r C:\WINDOWS\inf\Agfa\Message.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WheelMouse"="C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE" [2000-06-24 147968]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [2008-10-10 270128]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-02-29 4670704]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-20 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 90112]
"CTStartup"="C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE" [2001-06-04 28672]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Advanced WindowsCare V2 Personal"="C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" [2007-05-10 2592240]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Ad-aware"="C:\Programmi\Lavasoft\Ad-aware 6\Ad-aware.exe" [2003-07-12 684544]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 2957824]
"DSLSTATEXE"="C:\Program Files\Hamlet\Adsl\dslstat.exe" [2005-10-24 344064]
"DSLAGENTEXE"="C:\Program Files\Hamlet\Adsl\dslagent.exe" [2005-08-25 65536]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 919016]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"QuickTime Task"="C:\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="C:\Programmi\nokia 6300\Nokia Pc Suite\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-10-07 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-20 12:24 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 138752]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 Aps2wmou;Trust PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\Aps2wmou.sys [2000-06-17 10212]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\0 Parcheggio Scanner\winxpvirtualcdcontrolpanel_21\VCdRom.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-31 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - vksuigyjq.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vksuigyjq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c7145fd-5a04-11dc-a825-806d6172696f}]
\Shell\Auto\command - vksuigyjq.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vksuigyjq.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-10-22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F1BF4BC-000D-483B-8238-6C1405E04E2C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-qkygmgu - c:\documents and settings\sergio & maria\impostazioni locali\dati applicazioni\qkygmgu.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sergio & Maria\Dati applicazioni\Mozilla\Firefox\Profiles\w9vzw4yd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://italian.eazel.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 08:53:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run?&3?????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&3?????\???0???0???\???\???????$???5?:~e?:~\???\????????C`???????:~\???\??????s????\??????s\????&3?A??s?&3???:~???

scanning hidden files ...


C:\WINDOWS\TEMP\TMP0000004CC687EC72955747C0 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Scan finish time: 2008-10-23 8:56:49
ComboFix-quarantined-files.txt 2008-10-23 06:56:35

Pre-Run: 21,988,614,144 bytes free
Post-Run: 22,124,089,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

210 --- E O F --- 2008-10-22 09:44:00

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.10.22, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Programmi\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WheelMouse] C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BA4F36-826F-4FC7-BDA5-B8B388545060}: NameServer = 85.37.17.55 85.38.28.93
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)

--
End of file - 7952 bytes

I have installed several programs, including: Ad-aware 6, Advanced WindowsCare V2 Personal, CCleaner, Spyware Terminator, SUPERAntiSpyware Free Edition, TuneUp 1-Click Maintenance, Windows Defender, Avira antivirus, ZoneAlarm. Could you advise me on which ones to keep? That way I can do some cleanup on the computer. Thank you and goodbye, see you soon.
Ideamet
r16
Posted: Thursday, October 23, 2008 7:19:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Remove Ad-aware 6 (it is so obsolete that it is useless).
Keep Malwarebytes' installed (update it before running the scan).
I don't know this one: TuneUp 1-Click Maintenance.
Since you have Spyware Terminator, you can disable Windows Defender.
Keep CCleaner too.
SUPERAntiSpyware Free Edition is excellent.
The rest is fine.
ideamet
Posted: Friday, October 24, 2008 8:16:56 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
Hi
Thanks for the advice on which programs to keep. As for the result of the logs, how did I do? Could you take a look at them when you have time?
See you soon
r16
Posted: Friday, October 24, 2008 7:06:18 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
ComboFix removed a lot of junk for you.
Malwarebytes' removed 1 adware item, including 2 infected registry keys.
Do the following:
Open a text file (Start\Run\type: notepad.exe\ OK),
paste the code (the part written in red) into it and save the text file, mandatorily with the name CFScript.txt.

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c7145fd-5a04-11dc-a825-806d6172696f}]


Close it and "drag" it onto the ComboFix icon.
Wait patiently until it finishes, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
*********************************************************************************************************
Download this version of Java:
http://www.aiutaamici.com/software?ID=11134.
Once you have downloaded it, restart the PC.
Then download JavaRa to the Desktop:
http://news.swzone.it/link.php?action=d&id=22126
It is used to clean the PC of all obsolete Java versions.
You will find the log in C:\
Once the cleanup is finished, you can trash it along with the log (which is in C:\)
The HJT log is clean.
And the pop-up advertising problem should be solved.

ideamet
Posted: Saturday, October 25, 2008 11:09:50 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
Hi!
While ComboFix was scanning, a message appeared: "ComboFix has detected the presence of rootkit activity and the PC needs to be restarted". Is that normal?
I'm sending you the ComboFix log, and thank you for all the advice you have given me.
See you soon.

ComboFix 08-10-24.02 - Sergio & Maria 2008-10-25 9:15:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.614 [GMT 2:00]
Interruttori di comando utilizzati :: C:\Documents and Settings\Sergio & Maria\Desktop\CFScript.txt..txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ntos.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-09-25 al 2008-10-25 )))))))))))))))))))))))))))))))))))
.

2008-10-24 08:56 . 2008-10-24 09:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-24 08:41 . 2008-10-24 08:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-24 08:41 . 2008-10-24 08:41 <DIR> d-------- C:\Programmi\AVG
2008-10-24 08:41 . 2008-10-24 08:47 <DIR> d-------- C:\Documents and Settings\Sergio & Maria\Dati applicazioni\AVGTOOLBAR
2008-10-24 08:41 . 2008-10-24 08:41 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-24 08:41 . 2008-10-24 08:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-24 08:41 . 2008-10-24 08:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-23 10:46 . 2008-10-23 10:48 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-23 08:49 . 2008-08-14 15:22 2,192,896 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-23 08:49 . 2008-08-14 15:22 2,148,864 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-23 08:49 . 2008-08-14 15:22 2,069,760 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-23 08:49 . 2008-08-14 15:22 2,027,520 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-23 08:49 . 2008-09-15 17:24 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-23 08:49 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-23 08:28 . 2008-10-23 08:28 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-23 08:28 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 08:28 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 08:14 . 2008-10-23 08:14 <DIR> d-------- C:\Documents and Settings\Sergio & Maria\Dati applicazioni\Malwarebytes
2008-10-23 08:14 . 2008-10-23 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-10 08:21 . 2008-10-10 08:28 7,843,486 --a------ C:\CurrentVersion.reg
2008-10-10 08:21 . 2008-10-10 08:27 16,224 --a------ C:\Tcpip.reg
2008-10-10 08:21 . 2008-10-10 08:27 306 --a------ C:\Afd.reg
2008-10-10 08:21 . 2008-10-10 08:27 236 --a------ C:\Ndis.reg
2008-10-07 09:03 . 2008-10-07 09:03 <DIR> d-------- C:\WINDOWS\Motive
2008-10-07 09:03 . 2008-10-07 09:03 <DIR> d-------- C:\Programmi\Telecom Italia
2008-10-07 09:02 . 2008-10-07 09:02 <DIR> d-------- C:\Programmi\File comuni\Motive
2008-10-07 09:02 . 2008-10-07 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Motive
2008-10-07 09:01 . 2008-10-07 09:01 <DIR> d-------- C:\Programmi\Motive
2008-10-02 10:50 . 2008-10-06 15:53 3,218 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 07:13 200,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-25 07:13 17,166,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-25 06:53 --------- d-----w C:\Documents and Settings\Sergio & Maria\Dati applicazioni\uTorrent
2008-10-25 05:58 --------- d-----w C:\Programmi\Google
2008-10-24 13:40 --------- d-----w C:\Programmi\Bonjour
2008-10-24 09:18 --------- d-----w C:\Programmi\Spyware Terminator
2008-10-24 09:18 --------- d-----w C:\Documents and Settings\Sergio & Maria\Dati applicazioni\Spyware Terminator
2008-10-24 07:15 --------- d-----w C:\Programmi\GameSpy Arcade
2008-10-24 06:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-10-24 05:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-10-20 10:24 --------- d-----w C:\Programmi\SUPERAntiSpyware
2008-10-18 20:35 7,562,806 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-18 17:08 --------- d-----w C:\Programmi\eMule
2008-10-18 10:26 --------- d-----w C:\Programmi\0 setup
2008-10-18 09:34 --------- d-----w C:\Programmi\Yahoo!
2008-10-10 06:35 --------- d-----w C:\Programmi\WinClamAVShield
2008-10-07 07:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-07 07:03 --------- d-----w C:\Programmi\Alice ti aiuta
2008-10-02 22:51 232,960 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-01 06:52 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-09-30 22:35 2,141,184 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-09-30 22:35 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-09-24 07:49 --------- d-----w C:\Programmi\DivX
2008-09-24 06:25 --------- d-----w C:\Programmi\File comuni\xing shared
2008-09-24 06:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-24 06:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-24 06:24 --------- d-----w C:\Programmi\File comuni\Real
2008-09-20 21:43 2,667,008 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-02 10:43 --------- d-----w C:\Programmi\Any to Icon
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-11 22:34 2,202,624 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-11 22:34 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-07-31 22:08 987,648 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-31 22:08 1,388,544 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-31 07:40 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-28 22:58 1,383,424 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-27 23:26 1,382,400 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-27 23:26 1,351,680 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-11 16:17 1,704,787 -c--a-w C:\Programmi\mirc631.rar
2005-05-20 06:16 188 ----a-w C:\Programmi\mp3mymp3data.lst
2005-05-18 11:27 1,564 -c--a-w C:\Programmi\README.txt
2002-12-09 12:58 2,446 -c--a-w C:\Programmi\ChangeLog.txt
2002-12-09 12:10 114,688 -c--a-w C:\Programmi\AVIPreview.exe
1999-04-16 09:28 151,552 -c--a-r C:\WINDOWS\inf\Agfa\Message.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-23_ 8.55.49.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 13:22:07 2,148,864 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:22:50 2,069,760 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:22:06 2,027,520 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:22:50 2,192,896 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-25 06:03:00 2,278 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{A83CC001-3F41-40E4-9FC7-CDB95204CC49}.bin
+ 2008-10-24 06:41:42 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-09-08 07:18:49 294,864 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-23 11:16:50 294,864 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-01-13 14:14:51 35,236 -c-ha-w C:\WINDOWS\system32\mlfcache.dat
+ 2008-10-23 16:15:12 54,500 -c-ha-w C:\WINDOWS\system32\mlfcache.dat
- 2007-07-27 08:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:40 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-04-15 17:47:48 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WheelMouse"="C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE" [2000-06-24 147968]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [2008-10-10 270128]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-10-20 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 90112]
"CTStartup"="C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE" [2001-06-04 28672]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Advanced WindowsCare V2 Personal"="C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" [2007-05-10 2592240]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 2957824]
"DSLSTATEXE"="C:\Program Files\Hamlet\Adsl\dslstat.exe" [2005-10-24 344064]
"DSLAGENTEXE"="C:\Program Files\Hamlet\Adsl\dslagent.exe" [2005-08-25 65536]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 919016]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"QuickTime Task"="C:\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-24 1234712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"Nokia.PCSync"="C:\Programmi\nokia 6300\Nokia Pc Suite\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-10-07 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-20 12:24 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-24 97928]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 138752]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-24 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-24 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-24 76040]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 Aps2wmou;Trust PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\Aps2wmou.sys [2000-06-17 10212]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\0 Parcheggio Scanner\winxpvirtualcdcontrolpanel_21\VCdRom.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-31 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - vksuigyjq.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vksuigyjq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97a58092-19da-11dd-928b-0004ed300101}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-24 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Programmi\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F1BF4BC-000D-483B-8238-6C1405E04E2C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 09:20:48
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run?&3?????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???$????&3?????\???0???0???\???\???L???$???5?:~e?:~\???\???L???X?`???????:~\???\??????s$???\??????s\????&3?A??s?&3???:~???

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-10-25 9:23:19
ComboFix-quarantined-files.txt 2008-10-25 07:23:03
ComboFix2.txt 2008-10-23 06:56:50

Pre-Run: 18,362,499,072 byte disponibili
Post-Run: 18,460,811,264 byte disponibili

216 --- E O F --- 2008-10-24 21:10:23
r16
Posted: Saturday, October 25, 2008 11:36:41 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I'd like to know where that rootkit came from....
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)


Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
First of all, end the ntos.exe process from Task Manager (if present)
Go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

in the right-hand pane find USERINIT and delete ONLY the entry (if present): C:\WINDOWS\system32\ntos.exe,

WARNING: do not delete the whole key, otherwise the computer will no longer be able to boot

In practice, after deleting the infected entry (if present), the key should look like this:
C:\windows\system32\userinit.exe, (comma included)

Let me try to explain it better:
-Open the Registry Editor (Start\Run\type: regedit--OK)
-Look for this key;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
-Select Winlogon and, in the right-hand pane, double-click the Userinit value
-In the window that opens there is the string containing the Userinit value, which will be: c:\windows\system32\userinit.exe,"C:\WINDOWS\system32\ntos.exe",
leave the part in green, delete the part in red
-Manually delete the ntos.exe file, close the registry and restart the PC
Using the "Search" function, find and delete (if present) the files in red:
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wsnpoem\audio.dll

Install Gmer: http://www.gmer.net/gmer.zip
you need to create a dedicated folder on the desktop and extract the file inside it
start Gmer
on the right, in the initial screen, make sure the listed items are ticked (if they are not, tick them all)
tick the disk drive to be scanned
tick the ADS option
click Scan to start the scan
after starting it, Gmer will pause for a few seconds, then run a preliminary scan for rootkits, then continue and run a full scan

Once the scan is complete, the log will appear; post it here. (Report whether it finds entries in red, or in bold black.)
Also post an updated HijackThis log
ideamet
Posted: Monday, October 27, 2008 10:06:56 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
Hi

I double-clicked on userinit and the string "C:\WINDOWS\system32\userinit.exe," appears, without the ending
"\ntos.exe", and in the registry editor the userinit entry shows "reg_sz C:\windows\system32\userinit.exe" and "\ntos.exe" is missing.

As for the video files, I found "msvideo.dll" and "wiavideo dll"; should I delete these?
And no "audio.dll" file

This is the GMER log: no files in red or in bold.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-27 09:53:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xADE80A74]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xADEF6040]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xADE8048E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xADE8016A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xADEF6510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xADEFC870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xADEFCAA0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xADE81B92]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xADEF6600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xADEF2F20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xADE80286]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xADE8036C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xADEFC580]
SSDT spxj.sys ZwEnumerateKey [0xF73FACA2]
SSDT spxj.sys ZwEnumerateValueKey [0xF73FB030]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xADE80D38]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xADEFE8B0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xADE807D0]
SSDT spxj.sys ZwOpenKey [0xF73DC0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xADEFC350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xADEFC150]
SSDT spxj.sys ZwQueryKey [0xF73FB108]
SSDT spxj.sys ZwQueryValueKey [0xF73FAF88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xADEFF250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xADEFECB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xADEF5C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xADEFF080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xADEF6220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xADEF3120]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xADE7FFDA]
SSDT \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xADE66F20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xADE808FC]

INT 0x62 ? 867DABF8
INT 0x74 ? 867DABF8
INT 0x74 ? 867DABF8
INT 0x74 ? 865A7BF8
INT 0x74 ? 867DABF8
INT 0x75 ? 865A7BF8
INT 0x82 ? 867DABF8
INT 0x84 ? 867DABF8
INT 0xA5 ? 865A7BF8
INT 0xB5 ? 865A7BF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [ 10, 65, EF, AD, 70, C8, EF, ... ]
? spxj.sys Impossibile trovare il file specificato. !
? srescan.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload F645B8AC 5 Bytes JMP 865A71D8
.text ao9d3fwv.SYS F62C0384 1 Byte [ 20 ]
.text ao9d3fwv.SYS F62C0386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text ao9d3fwv.SYS F62C03AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text ao9d3fwv.SYS F62C03C4 3 Bytes [ 00, 00, 00 ]
.text ao9d3fwv.SYS F62C03C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4379179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 43791720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 43791764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 437916AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 437916E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 437917DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[524] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] spxj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DD13C] spxj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DD0BE] spxj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DD7FC] spxj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DD6D2] spxj.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] spxj.sys
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ao9d3fwv.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ADEFACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ADEFAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ADEFB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ADEFB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe[3144] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [63602441] C:\Programmi\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867D91F8
Device \FileSystem\Fastfat \FatCdrom 844C41F8
Device \FileSystem\Udfs \UdfsCdRom 864691F8
Device \FileSystem\Udfs \UdfsDisk 864691F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCI_PNP0364 \Device\00000050 spxj.sys
Device \Driver\PCI_PNP0364 \Device\00000050 spxj.sys
Device \Driver\usbuhci \Device\USBPDO-0 866061F8
Device \Driver\sptd \Device\706079114 spxj.sys
Device \Driver\usbuhci \Device\USBPDO-1 866061F8
Device \Driver\usbuhci \Device\USBPDO-2 866061F8
Device \Driver\usbuhci \Device\USBPDO-3 866061F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676B1F8
Device \Driver\Cdrom \Device\CdRom0 865CF1F8
Device \Driver\Cdrom \Device\CdRom1 865CF1F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-14 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-1f sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 865CF1F8
Device \Driver\Cdrom \Device\CdRom3 865CF1F8
Device \Driver\Cdrom \Device\CdRom4 865CF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84C72500
Device \Driver\NetBT \Device\NetbiosSmb 84C72500
Device \Driver\NetBT \Device\NetBT_Tcpip_{F0BA4F36-826F-4FC7-BDA5-B8B388545060} 84C72500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 866061F8
Device \Driver\usbuhci \Device\USBFDO-1 866061F8
Device \Driver\usbuhci \Device\USBFDO-2 866061F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84AB61F8
Device \Driver\usbuhci \Device\USBFDO-3 866061F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84AB61F8
Device \Driver\Ftdisk \Device\FtControl 8676B1F8
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1 8651B1F8
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target0Lun0 8651B1F8
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target2Lun0 8651B1F8
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target1Lun0 8651B1F8
Device \Driver\ao9d3fwv \Device\Scsi\ao9d3fwv1Port6Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 844C41F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8646A1F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xFB 0xC0 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0F 0x5F 0x48 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDC 0x04 0x26 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB5 0xC2 0x79 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0x71 0x41 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1A 0xC5 0x0F 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xFB 0xC0 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0F 0x5F 0x48 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDC 0x04 0x26 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB5 0xC2 0x79 0xD0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0x71 0x41 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1A 0xC5 0x0F 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xFB 0xC0 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0F 0x5F 0x48 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDC 0x04 0x26 0xA7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB5 0xC2 0x79 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0x71 0x41 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1A 0xC5 0x0F 0xCB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE02.00.00.01MSWINDOWS
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE904320-CCF7-5181-1432-382ACE83FF56}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE904320-CCF7-5181-1432-382ACE83FF56}@abapcmgkpngndighloeggokdnijiimadlg 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE904320-CCF7-5181-1432-382ACE83FF56}@bbapcmgkpngndighlofgjafbcahagnjklcjd 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.14 ----


This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.56.43, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Hamlet\Adsl\dslstat.exe
C:\Program Files\Hamlet\Adsl\dslagent.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WheelMouse] C:\Programmi\Trust\Ami Mouse Dual Scroll\AWMMAIN.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0BA4F36-826F-4FC7-BDA5-B8B388545060}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)

--
End of file - 8526 bytes

Goodbye and thank you for the time you have devoted to me; for someone like me who is not very experienced, your careful explanations were extremely useful.

Bye, see you soon

r16
Posted: Monday, October 27, 2008 1:09:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
ideamet wrote:
Applause
Hi

I double-clicked userinit and the string "C:\WINDOWS\system32\userinit.exe," appears without the final
"\ntos.exe" part, and in the registry editor under the userinit entry there is "reg_sz C:\windows\system32\userinit.exe" and "\ntos.exe" is missing.

As for video files, I found: "msvideo.dll" and "wiavideo dll"; do I have to delete these?
And no "audio.dll" file.




No, you must NOT delete these files: msvideo.dll, wiavideo dll.
If you found in Userinit: C:\WINDOWS\system32\userinit.exe, (comma included) that's fine.
What mattered was that \ntos.exe was not there.
The HijackThis log shows no serious dangers, but remove these entries anyway:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Are you still having problems?
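As an added example (not code from the thread or from HijackThis), a small Python checker for the two things r16 verifies above: it flags HijackThis entries whose target file is gone and validates a Winlogon Userinit value against the expected XP form the thread describes. The sample log lines and the hooked Userinit value are constructed.

```python
import re

# Constructed sample lines in HijackThis format (not the thread's full log):
# two entries from r16's "remove anyway" list plus one healthy service line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis appends one of these markers when an entry's target no longer exists.
DANGLING_MARKERS = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def find_dangling_entries(log_text):
    """Return (section, line) pairs for entries whose target file is gone.

    Such leftovers are not dangerous by themselves, but they are exactly the
    entries a cleanup pass should remove, as r16 advises in the thread.
    """
    found = []
    for line in log_text.splitlines():
        entry = line.strip()
        m = ENTRY_RE.match(entry)
        if m and entry.endswith(DANGLING_MARKERS):
            found.append((m.group(1), entry))
    return found


# Expected XP value of the Winlogon Userinit entry as the thread states it:
# the path to userinit.exe followed by a trailing comma and nothing else.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_is_clean(value):
    """True iff the Userinit value lists only the real userinit.exe.

    Winlogon runs every comma-separated program in this value at logon, so
    any extra element (the thread's ntos.exe case) means the logon sequence
    has been hooked by something else.
    """
    programs = [p.strip().lower() for p in value.split(",") if p.strip()]
    return programs == [EXPECTED_USERINIT]


if __name__ == "__main__":
    for section, entry in find_dangling_entries(SAMPLE_LOG):
        print(f"remove {section}: {entry}")
    # constructed values: the clean one from the thread and a hooked variant
    print(userinit_is_clean(r"C:\WINDOWS\system32\userinit.exe,"))  # True
    print(userinit_is_clean(r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe"))  # False
```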
ideamet
Posted: Tuesday, October 28, 2008 8:49:19 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
Boo hoo!

Hi
Congratulations, you managed to solve my pop-up window problem; I will treasure your advice in the future, and if I need help I will write to you. Applause well done R13.
The only thing that keeps coming up is that when I scan with Spyware Terminator it reports: Affiliate tracking cookie (Traccia i cookie) with an orange exclamation mark.
The files are:
C:\Document and setting\Sergio&Maria\cookies\Sergio&Maria@207[2].txt
C:\Document and setting\Sergio&Maria\cookies\Sergio&Maria@statse.webtrendslive[2].txt
What are these?
I will do the cleanup with ccleaner as you said; it's a program I use often.
Bye, see you soon!!!
r16
Posted: Tuesday, October 28, 2008 6:53:35 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
C:\Document and setting\Sergio&Maria\cookies\Sergio&Maria@207[2].txt
C:\Document and setting\Sergio&Maria\cookies\Sergio&Maria@statse.webtrendslive[2].txt
They are just tracking cookies, nothing much to worry about.
But SUPERAntiSpyware (which I saw you have installed) should zap them.
Uninstall ComboFix this way:
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete the ComboFix folders in "C" (qoobox)
Remember to re-hide the system folders;
Re-enable System Restore and, if everything is fine, create a new restore point.
Bye!

ideamet
Posted: Wednesday, October 29, 2008 8:43:16 AM

Rank: Newbie

Joined: 10/22/2008
Posts: 0
Hi.
I deleted ComboFix
I re-hid the system folders
I re-enabled System Restore and created a new restore point.
When I browse, the advertising windows no longer appear.
Mission accomplished, thanks for the help.
One question: do you know these antispyware programs? Which one do you recommend I keep?
Advanced WindowsCare V2 Personal (this one also cleans the RAM)
Spyware Terminator
SUPERAntiSpyware Free Edition
Bye!!!





Applause