The Zeus News forums (Olimpo Informatico)
USERINIT problem
Forum: Pronto Soccorso Virus
puntog (Eroe in grazia degli dei)
Joined: 21/03/07 14:42 | Posts: 147 | Location: roma
Posted: 23 Apr 2010 10:56    Subject: USERINIT problem

Hi everyone, for two days now, when I turn on the PC, I get the message "userinit.exe application error" and everything on the desktop disappears.
Also, when it connects, the firewall turns itself off, but unfortunately I don't have the XP recovery CD. What can I do?

Thanks



HERE IS THE LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.54.14, on 23/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\rundll32.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\alg.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?hl=it&btnG=Cerca+con+Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\windows\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Documents and Settings\Administrator\Documenti\Pronto Soccorso\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)" -"http://www.gioco.it/gioco/3d_Penalty.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://filogatta.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135972747375
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://filogatta.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: UPnPService - Unknown owner - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe (file missing)

--
End of file - 7924 bytes
R16 (Dio maturo)
Joined: 07/03/08 22:58 | Posts: 10128
Posted: 23 Apr 2010 12:52

Hi.
Clean the temporary files with CCleaner
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "Fix checked":

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\windows\system32\sdra64.exe,

Follow this path and delete the file in red:
C:\windows\system32\sdra64.exe
Restart the PC

Download and install the free version of SuperAntispyware:
link
Configure it as in these pictures:
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg
Run a full scan.

Follow the instructions in this topic to use MBAM:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Run a full scan.

Upload the SuperAntispyware and MBAM logs to WikiSend (or FreeFileHosting) and post the Forum Link you are given.
link
puntog (Eroe in grazia degli dei)
Joined: 21/03/07 14:42 | Posts: 147 | Location: roma
Posted: 23 Apr 2010 16:15

All done.

mbam-log-2010-04-23 (14-53-41).txt



This is the other one:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2010 at 04:03 PM

Application Version : 4.35.1002

Core Rules Database Version : 4842
Trace Rules Database Version: 2654

Scan type : Complete Scan
Total Scan Time : 00:49:07

Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 8360
Registry threats detected : 6
File items scanned : 28900
File threats detected : 3

Trojan.Agent/Gen
HKLM\System\ControlSet001\Services\uti2mzq1
C:\WINDOWS\SYSTEM32\DRIVERS\UTI2MZQ1.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_uti2mzq1
HKLM\System\ControlSet003\Services\uti2mzq1
HKLM\System\ControlSet003\Enum\Root\LEGACY_uti2mzq1
HKLM\System\CurrentControlSet\Services\uti2mzq1
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_uti2mzq1

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9426E228-ED91-40C6-A425-A50C36F88E7E}\RP1019\A0193161.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9426E228-ED91-40C6-A425-A50C36F88E7E}\RP993\A0186255.EXE
R16 (Dio maturo)
Joined: 07/03/08 22:58 | Posts: 10128
Posted: 23 Apr 2010 16:18

Hi.
Delete everything Malwarebytes found.

Follow the instructions in this topic to use Combofix:
http://forum.zeusnews.com/viewtopic.php?t=45224

Upload the log as you did with Mbam.
puntog (Eroe in grazia degli dei)
Joined: 21/03/07 14:42 | Posts: 147 | Location: roma
Posted: 23 Apr 2010 16:45

I can't find it, so I'll paste it like this:

ComboFix 10-04-21.01 - Administrator 23/04/2010 16.31.22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1010 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {006E0069-0053-0078-5300-5C0000004100}

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Recent\Thumbs.db
C:\Thumbs.db
c:\windows\eSellerateEngine.dll
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))))))
.

2010-04-23 13:10 . 2010-04-23 13:10 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-23 13:10 . 2010-04-23 13:10 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 08:58 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Simply Super Software\Trojan Remover\fct10.exe
2010-04-13 08:56 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\67261521.sys
2010-04-13 08:56 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\6726152.sys
2010-04-13 08:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 20:14 . 2010-04-12 20:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-01 14:50 . 2010-04-01 14:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-04-01 14:45 . 2010-04-18 07:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2010-04-01 14:45 . 2010-04-01 14:45 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-04-01 14:45 . 2010-04-01 14:45 562848 ----a-w- c:\programmi\GoogleEarthSetup.exe
2010-04-01 12:33 . 2010-04-01 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2010-04-01 12:27 . 2010-04-01 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Software
2010-04-01 12:26 . 2010-04-01 12:39 -------- d-----w- c:\programmi\NCH Software
2010-04-01 12:26 . 2010-04-01 12:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\NCH Software
2010-03-25 20:04 . 2010-03-25 20:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\InstallShield
2010-03-25 17:30 . 2010-03-25 17:30 339530 ----a-w- c:\programmi\Downloader_4Story_de_3.3.87.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:39 . 2009-01-12 19:29 1308479520 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-23 14:28 . 2009-01-12 19:29 15332240 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-23 13:09 . 2009-02-11 10:32 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-23 10:25 . 2009-01-28 00:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-23 10:23 . 2009-01-28 00:21 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 07:54 . 2008-02-23 16:48 -------- d-----w- c:\programmi\Google
2010-04-15 08:59 . 2007-03-17 18:02 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-10 14:18 . 2009-11-20 20:53 -------- d-----w- c:\programmi\Poker Club for Totosi
2010-04-07 20:00 . 2009-11-08 00:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-04-07 18:51 . 2009-11-08 00:26 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-03-29 22:46 . 2009-01-08 12:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-01-08 12:22 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 08:38 . 2001-08-31 15:00 534784 ----a-w- c:\windows\system32\perfh010.dat
2010-03-28 08:38 . 2001-08-31 15:00 102088 ----a-w- c:\windows\system32\perfc010.dat
2010-03-25 20:07 . 2009-11-19 12:45 -------- d-----w- c:\programmi\Motorola Phone Tools
2010-03-25 20:05 . 2005-12-31 02:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-25 19:59 . 2009-11-19 12:47 -------- d-----w- c:\programmi\Avanquest update
2010-03-22 19:00 . 2007-03-27 10:41 -------- d-----w- c:\programmi\MediaCoder
2010-03-22 18:52 . 2007-01-15 22:03 2256 ----a-w- c:\windows\current_settings.bin
2010-03-20 16:11 . 2007-10-20 11:51 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Image Zone Express
2010-03-18 12:28 . 2010-03-18 12:28 782314 ----a-w- c:\programmi\picturemerge.exe
2010-03-10 06:15 . 2004-08-19 13:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 21:33 . 2008-02-20 12:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Vso
2010-03-04 14:52 . 2010-03-04 14:52 -------- d-----w- c:\programmi\Trojan Remover
2010-03-04 14:52 . 2010-03-04 14:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2010-03-04 14:52 . 2010-03-04 14:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Simply Super Software
2010-02-25 21:26 . 2010-01-07 20:19 -------- d-----w- c:\programmi\WebcamMax
2010-02-25 21:26 . 2010-02-25 21:26 24359965 ----a-w- c:\programmi\WebcamMax-7.0.8.8.MultiLanguage.Setup.exe
2010-02-25 06:16 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-02 23:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 19:05 . 2004-08-19 13:34 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-19 13:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-07 21:45 . 2010-02-07 21:45 4938120 ----a-w- c:\programmi\Silverlight.exe
2010-02-07 13:52 . 2009-09-18 11:28 2326901 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2010-02-04 22:11 . 2010-02-04 22:11 18298146 ----a-w- c:\programmi\wireshark-win32-1.2.2.exe
2010-02-04 13:52 . 2009-09-18 11:28 823674 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2010-02-04 13:52 . 2009-09-18 11:28 369012 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2010-02-04 13:52 . 2009-09-18 11:28 184694 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2010-01-30 20:25 . 2010-01-30 20:25 2228534 ----a-w- c:\programmi\audacity-win-1.2.6.exe
2010-01-27 18:09 . 2009-09-18 11:28 127348 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2010-01-23 15:30 . 2009-09-18 11:28 106868 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2010-01-08 20:31 . 2010-01-08 20:31 595583 ----a-w- c:\programmi\audiotomidi.exe
2010-01-06 12:17 . 2010-01-06 12:17 827824 ----a-w- c:\programmi\chopperxp_[www.freedivx.it].zip
2010-01-06 12:07 . 2010-01-06 12:07 205495 ----a-w- c:\programmi\vobm201.zip
2009-11-24 10:18 . 2009-11-24 10:18 4913520 ----a-w- c:\programmi\klcp_update_544_20091109.exe
2009-11-24 10:11 . 2009-11-24 10:11 14929905 ----a-w- c:\programmi\klcodec470f.exe
2009-11-24 09:33 . 2009-11-24 09:33 1677824 ----a-w- c:\programmi\CrystalPro.exe
2009-11-24 09:25 . 2009-11-24 09:25 4182244 ----a-w- c:\programmi\ffdshow-rev3128_20091108.zip
2009-11-20 16:03 . 2009-11-20 16:03 7771349 ----a-w- c:\programmi\aTube_Catcher_Installer.exe
2009-11-17 13:51 . 2009-11-17 13:51 16968544 ----a-w- c:\programmi\IE8-WindowsXP-x86-ITA.exe
2009-11-08 00:23 . 2009-11-08 00:23 2020136 ----a-w- c:\programmi\SkypeSetup.exe
2009-11-07 20:05 . 2009-11-07 20:05 5862994 ----a-w- c:\programmi\ts2_client_rc2_2032.exe
2009-11-05 08:54 . 2009-11-05 08:54 8409088 ----a-w- c:\programmi\aTube_aTube10294-s-it.exe
2009-11-04 11:22 . 2009-11-04 11:21 11647 ----a-w- c:\programmi\youtube_to_mp3-1.0.4-fx.xpi
2009-10-12 10:20 . 2009-10-12 10:19 3437211 ----a-w- c:\programmi\PIXresizer.zip
2009-10-05 09:50 . 2009-10-05 09:50 12794245 ----a-w- c:\programmi\FreeVideoToDVDConverter.exe
2009-10-04 08:11 . 2009-10-04 08:11 125491456 ----a-w- c:\programmi\magix.exe
2009-09-24 18:44 . 2009-09-24 18:44 29271931 ----a-w- c:\programmi\FreeStudio.exe
2009-09-21 15:33 . 2009-09-21 15:33 140233 ----a-w- c:\programmi\speedtestv13.zip
2009-07-24 11:25 . 2009-07-24 11:25 4130372 ----a-w- c:\programmi\freez_flv2avi.exe
2009-06-29 14:48 . 2009-06-29 14:48 4960294 ----a-w- c:\programmi\RivaEncoderSetup.exe
2009-06-24 22:10 . 2009-06-24 22:10 1581568 ----a-w- c:\programmi\setup_bc_4_53_41.exe
2009-06-16 11:39 . 2009-06-16 11:39 218046 ----a-w- c:\programmi\mpTrim.zip
2009-06-07 11:40 . 2009-06-07 11:39 21935408 ----a-w- c:\programmi\QuickTimeInstaller.exe
2009-03-11 12:00 . 2009-03-11 11:59 450114 ----a-w- c:\programmi\RegSeeker.zip
2009-03-06 10:13 . 2009-03-06 10:13 2686232 ----a-w- c:\programmi\visualc ++.exe
2008-10-03 13:44 . 2008-10-03 13:43 2959376 ----a-w- c:\programmi\dotnetfx35setup.exe
2008-09-29 14:34 . 2008-09-29 14:33 136995 ----a-w- c:\programmi\SDcopy199beta.zip
2008-09-28 17:07 . 2008-09-28 17:07 7328880 ----a-w- c:\programmi\Firefox Setup 3.0.3.exe
2008-04-16 15:15 . 2008-04-16 15:15 10412315 ----a-w- c:\programmi\bpmdemo.exe
2008-03-07 12:31 . 2008-03-07 12:31 5632 --sha-w- c:\programmi\Thumbs.db
2008-02-20 14:28 . 2008-02-20 14:26 105673488 ----a-w- c:\programmi\Office2003SP2-KB887616-FullFile-ITA.exe
2008-02-08 10:08 . 2008-02-08 10:08 28868320 ----a-w- c:\programmi\FileFormatConverters.exe
2007-03-19 12:12 . 2007-03-19 12:11 6020448 ----a-w- c:\programmi\ewido-setup_4.0.0.172c.exe
2007-01-25 14:55 . 2007-01-25 14:55 953442 ----a-w- c:\programmi\sexanoid.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"="c:\documents and settings\Administrator\Documenti\Pronto Soccorso\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-23 13:09 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Gameforge4D\\4Story\\4Story.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 67261521;67261521;c:\windows\system32\drivers\67261521.sys [13/04/2010 10.56.02 128016]
R1 is-HP641drv;is-HP641drv;c:\windows\system32\drivers\09314461.sys [28/01/2009 20.37.52 148496]
R1 is-M7BJCdrv;is-M7BJCdrv;c:\windows\system32\drivers\93441863.sys [12/01/2009 21.29.12 148496]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12.06.00 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12.05.58 66632]
R1 setup_9.0.0.722_13.04.2010_11-10drv;setup_9.0.0.722_13.04.2010_11-10drv;c:\windows\system32\drivers\6726152.sys [13/04/2010 10.56.01 315408]
R2 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [31/12/2008 14.12.40 693512]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S0 67261522;67261522 Boot Guard Driver;c:\windows\system32\DRIVERS\67261522.sys --> c:\windows\system32\DRIVERS\67261522.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/03/2009 0.51.17 717296]
S1 is-NSGLDdrv;is-NSGLDdrv;c:\windows\system32\drivers\82001903.sys [11/12/2009 23.46.26 148496]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/04/2010 16.45.33 136176]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 8.08.52 3575808]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [04/10/2009 10.16.19 1527900]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 17.35.02 50704]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [31/12/2008 14.12.44 910600]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12.06.02 12872]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe --> c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 14:45]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-01 14:45]

2010-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-04-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/webhp?hl=it&btnG=Cerca+con+Google
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\hawepdhp.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\hawepdhp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\hawepdhp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\programmi\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 16:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-651377827-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,f9,96,71,4e,3f,9c,4d,ab,d5,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,f9,96,71,4e,3f,9c,4d,ab,d5,c9,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,3d,6d,76,54,89,5d,43,bd,88,6a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="09130B29AF57D25D03CC660E69001693BA99B07E07C7BA42BE24E4970C7AB951E64DAA78CE88FDE0A435C38A0FAE53056A12FA23237B60449655FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A6A0AC4980AC7933D2780184CF19F73F4C0C27CF0733D17CCA9CC247A1B93317EB6B4095D275190ECA4E9DBE95E6A4007B4C971EACCE92D2878ADEB82C7D39299006EA5C9D791AB2EB254C13ABF48A39DF0E1DDD6290DD14E8D8774DFAF130598E0A04583DA4B2E94ADA8D97EA53124901DC353BC247E5C38462A4E48A43B5ECAD3BDA3FAEA089E002420B77F2478DDFE8B87F762E76C43AF5729B749A50CA81BA5561DB3447A7182EA38CF1A4CB2E062794C0E2C6537621DDCABC07AFAED58685072E0BD02CFB6572B8045BA68D8D92CD5ADE6973C8D976DFA087B891A320BFE4EF79405092D8F0F2B0031AE36D253573E5E608DFF5B50EA29C9F3CCCAC55C4AF2823023E73F536DAAFBFAA080255EEB185894B7BACB18E525BCFD4B0F60880C2B92B6AEBF96B8857CA169A88936116297E1A5B787359F29E6F84DC52E72FB3FEA0B8A6EE87B80A1910050D992270D37B890F6ECE059D88BB5C4EC009172172C8D016FA9FB14135D6FA2FBB36DB0E2550D086D0B9D05374E09B6283F14E1EA48AB0AEBB1C3FC9D6C901DA6F1B29295D50753FE2B7F732AB499919B8EC0FC405AD1897D4442DFD0EAF88F3894CA116A12C8B1D990DD1D679B4B8EF8A9D8C1DA325560543BEACEB51C9EC887B8E938BEB159BA8FC3FE842FBE6CC87366B2C8F6465ADD09AF42285E95E7B4D4CEC81250AC1A00D281BFAD7A7A89FA40D850C697F66D479FE12A621F2B6F89619351F631D6E0B1ACD2EFA60C2C36E3174587ADB80A5F2A0AC8884F9DDA01DDF1179D7A79C583EC430CC1009E68969B8641B7B7B47A32A0C718D3EADEE6E914A750FC63BCF4293A3288E14E004CBB66D6B44C6C307E309A5AF99083F40F4F4959F91BF4756F3D57322CC95DD5CE36DA2AA10C612C8EF177C5D6ACA943D0EDAAB795FC7DD2037C6149DA7D756062D1CD2D7FE1BA566554EC085012178A796CA94831917EFF5D8970AB0835009ED0744193BD519A491A29CC8C4225D1A9371BE814FA59CD6EE2FF27B8105A91550D459B8329BC619CB6EE38FCE57840A6A83A7C48630F84DF98E7436CD1AC2FEC1FD4515AE1C6070EFCF7A3169EE4E3FE73766D362258272D8D2AA2865EEAE2EA86FE436B6E9D37C27652A71EEF726959DF9534BB2B6C2C9A1D81BE6AC793471BF170A4B60D6C6F073CD31354DC8AD4970BCB8E95B5CF5BABD05BD299B6F
CB77946A7824DC7B1069A62E410608F93A7E99F5D612D2CF8E90E9BC7C4C3E4B26D48C5FE9356BB43A"

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Scan end time: 2010-04-23 16:42:05
ComboFix-quarantined-files.txt 2010-04-23 14:42

Pre-Run: 12.100.149.248 bytes free
Post-Run: 16.319.553.536 bytes free

- - End Of File - - C905B2E4D82DCA69EB69CEEB8B236437
R16
Mature god
Registered: 07/03/08 22:58
Posts: 10128

Posted: 23 Apr 2010 17:02

Is everything working?
Are you still seeing problems?
Post an updated HijackThis log.
Please:
Upload the HijackThis log to WikiSend (or FreeFileHosting) and post the Forum Link you are given.
link
puntog
Hero in the grace of the gods
Registered: 21/03/07 14:42
Posts: 147
Location: roma

Posted: 23 Apr 2010 17:06

I hope everything is fine now.

Scan saved at 17.04.41, on 23/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\windows\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?hl=it&btnG=Cerca+con+Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Documents and Settings\Administrator\Documenti\Pronto Soccorso\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)" -"http://www.gioco.it/gioco/3d_Penalty.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://filogatta.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135972747375
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://filogatta.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: UPnPService - Unknown owner - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe (file missing)

--
End of file - 7184 bytes
puntog
Hero in the grace of the gods
Registered: 21/03/07 14:42
Posts: 147
Location: roma

Posted: 23 Apr 2010 17:09

Sorry.

hijackthis.log: http://forum.zeusnews.com/link/54373
R16
Mature god
Registered: 07/03/08 22:58
Posts: 10128

Posted: 23 Apr 2010 20:08

Disable System Restore, and keep it disabled until the problem is solved.
http://forum.zeusnews.com/viewtopic.php?t=22084

Follow the instructions in this topic to remove ComboFix and any other tools you installed:
http://forum.zeusnews.com/viewtopic.php?t=47670

Start HijackThis, tick the entries I list below and, with all applications closed and the PC disconnected from the Internet, click "Fix checked":
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Documents and Settings\Administrator\Documenti\Pronto Soccorso\Uniblue\RegistryBooster\RegistryBooster.exe /S
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://filogatta.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://filogatta.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Run a cleanup with CCleaner.

Go to this path and empty the Prefetch folder (do not delete the folder itself):
C:\Windows\Prefetch

Follow the instructions in this topic to remove the ADS:
http://forum.zeusnews.com/viewtopic.php?t=45223

From Add/Remove Programs, uninstall every installed version of Java.
Install this version:
link
If during installation you are asked to install any toolbar, do not install it.

Defragment the hard disk.
Also run a Scandisk.

Re-enable System Restore and, if everything is fine, create a new restore point.
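The entries R16 ticks above follow a few recurring triage rules for a HijackThis log: an O2 BHO whose DLL is gone, O4 autoruns launched from a user profile folder, O16 ActiveX CABs pulled from hosts other than Microsoft's, and O23 services with a missing binary. As an added example (not code from this thread, from HijackThis, or from any tool mentioned here), the Python below parses a handful of lines copied from the log above and applies those rules, generalising them a little: it also reports Run entries given as a bare file name (resolved through PATH at logon) and services with "Unknown owner", which R16 left alone. The host allowlist and the choice to surface unknown-owner services are assumptions made for the example, not advice from the thread; the output is a list of entries to review, not a fix list.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r'O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [nwiz] nwiz.exe /install',
    r'O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Documents and Settings\Administrator\Documenti\Pronto Soccorso\Uniblue\RegistryBooster\RegistryBooster.exe /S',
    r'O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab',
    r'O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135972747375',
    r'O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe',
    r'O23 - Service: UPnPService - Unknown owner - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe (file missing)',
    r'O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe',
]

# Assumption for this example (not from the thread): hosts from which an ActiveX CAB is expected on this box.
TRUSTED_DPF_HOSTS = ('microsoft.com', 'windowsupdate.com', 'nvidia.com')

# Every HijackThis entry starts with a section code (R0, O2, O4, ...) followed by " - ".
LINE_RE = re.compile(r'^(?P<sec>[RFNO]\d+) - (?P<body>.*)$')
URL_RE = re.compile(r'https?://\S+')


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def is_trusted_host(host: str) -> bool:
    """True when host equals, or is a subdomain of, an allowlisted domain."""
    host = host.lower()
    return any(host == h or host.endswith('.' + h) for h in TRUSTED_DPF_HOSTS)


def triage_line(line: str):
    """Return a Finding if the entry deserves a look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group('sec'), m.group('body')

    if sec == 'O2' and body.endswith('(no file)'):
        return Finding(sec, 'BHO CLSID still registered but its DLL is gone', line)

    if sec == 'O4':
        # The command line is whatever follows "[name] "; a quoted path may contain spaces.
        cmd = body.split('] ', 1)[1] if '] ' in body else body
        if '\\documents and settings\\' in cmd.lower():
            return Finding(sec, 'autorun launched from a user-writable profile folder', line)
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(' ', 1)[0]
        if '\\' not in exe:
            return Finding(sec, 'autorun given as a bare file name (resolved through PATH at logon)', line)
        return None

    if sec == 'O16':
        um = URL_RE.search(body)
        host = (urlparse(um.group(0)).hostname or '') if um else ''
        if not is_trusted_host(host):
            return Finding(sec, f'ActiveX CAB from host outside the allowlist ({host or "no URL"})', line)
        return None

    if sec == 'O23':
        if body.endswith('(file missing)'):
            return Finding(sec, 'service registered but its binary is missing', line)
        if ' - Unknown owner - ' in body:
            return Finding(sec, 'service binary carries no recognised publisher', line)
        return None

    return None


def triage(lines):
    """Apply triage_line to every entry and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.reason}\n    {f.line}')
```

Run on the sample it reports six entries: the orphaned BHO, the two Run items (nwiz by bare name, RegistryBooster from the profile folder), the tvunetworks CAB and both unknown-owner services; Avira, the Adobe BHO and the Windows Update control pass. Treat every hit as "look at this", not "fix this": nvPDsvc.exe is a legitimate NVIDIA binary that simply lacks a publisher string in the log.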
puntog
Hero in the grace of the gods
Registered: 21/03/07 14:42
Posts: 147
Location: roma

Posted: 24 Apr 2010 00:23

Did everything, except disabling ComboFix, because that guide only says how to start it, not how to remove it.

Thanks
R16
Mature god
Registered: 07/03/08 22:58
Posts: 10128

Posted: 24 Apr 2010 12:28

Hi.
To remove ComboFix (not disable it) I pointed you to this tool:
http://forum.zeusnews.com/viewtopic.php?t=47670
Bye!
puntog
Hero in the grace of the gods
Registered: 21/03/07 14:42
Posts: 147
Location: roma

Posted: 24 Apr 2010 17:23

I only see how to install COMBOFIX there, not how to remove it!!

Anyway, I think it's enough to delete the log... at least I hope so.

bye
lorenaino
Hero in the grace of the gods
Registered: 14/02/09 11:44
Posts: 147
Location: Sasso Marconi

Posted: 24 Apr 2010 18:50

Hi, sorry for butting in; if you look carefully at that topic, it says to download OTC by OldTimer, and that tool will uninstall ComboFix.
Bye
All times are GMT + 2 hours