www.MegaLab.it

da **Amantide** » lun dic 18, 2006 12:46 pm

danyela ha scritto:Dei file che mi hai indicato sono riuscita a trovare solo
E:\WINDOWS\web\related.htm
e l'ho eliminato.

Immagino che avevi abilitato la visualizzazione dei file nascosti, è vero?

Ora devo comunque ripulire il registro come mi hai detto pur non avendo eliminato i file?

Si.

Scusami se ti faccio tutte queste domande ma senza il tuo aiuto non saprei proprio dove mettere mano!

Non ti preoccupare, siamo qui apposta [;)]

da **danyela** » lun dic 18, 2006 4:52 pm

Ho eliminato "e:\windows\compaqnetwork.exe",
conservando questo
e:\windows\system32\userinit.exe,
Ora mi chiedevo per eliminare questi:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VolControl
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ImMsnE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F118B90E-6475-D392-96A1-C53F0BB257D4}

Faccio doppio click(su ciascuno di essi)e si apre la finestra dove c'è scritto nome del valore e dati del valore. Devo cancellare dove c'è la scritta in dati del valore?

da **Amantide** » lun dic 18, 2006 4:59 pm

danyela ha scritto:Ora mi chiedevo per eliminare questi:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VolControl
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ImMsnE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F118B90E-6475-D392-96A1-C53F0BB257D4}

Faccio doppio click(su ciascuno di essi)e si apre la finestra dove c'è scritto nome del valore e dati del valore. Devo cancellare dove c'è la scritta in dati del valore?

Non devi fare il doppio click, devi cliccare con il tasto destro sui valori (cartelle) indicati in rosso e poi cliccare su Elimina, come se fossero i file comuni. [;)]

da **danyela** » lun dic 18, 2006 5:24 pm

Ho rifatto la scansione con Hijackthis, ma queste voci non c'erano più
F2 - REG:system.ini: UserInit=e:\windows\system32\userinit.exe,"e:\windows\compaqnetwork.exe",
O4 - HKLM\..\Run: [VolControl] E:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [ImMsn] E:\WINDOWS\msncomm.exe /i
O2 - BHO: Class - {F118B90E-6475-D392-96A1-C53F0BB257D4} - E:\WINDOWS\dtipq1.dll (file missing)

Quindi ho eliminato solo queste:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYIT

Vuoi che ti posto i log?

da **danyela** » lun dic 18, 2006 6:56 pm

Ti incollo il rapporto della scansione con AVG Anti-Spyware-

-------------------------------------------------------
AVG Anti-Spyware - Rapporto scansione
---------------------------------------------------------

+ Creato alle: 17.54.13 18/12/2006

+ Risultato scansione:

E:\Programmi\MyWebSearch\bar\2.bin\M3IDLE.DLL -> Adware.IWon : Ignorato.
E:\Programmi\MyEmoticons\MyEmoticons_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Ignorato.
E:\Programmi\Save -> Adware.SaveNow : Ignorato.
E:\Programmi\Save\Save.exe.acm.dll.mdmp -> Adware.SaveNow : Ignorato.
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Ignorato.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Ignorato.
E:\Programmi\Starware -> Adware.Starware : Ignorato.
E:\Programmi\Starware\StarwareConfig.xml -> Adware.Starware : Ignorato.
E:\Programmi\Starware\StarwareUninstall.exe -> Adware.Starware : Ignorato.
E:\Programmi\Starware\bin -> Adware.Starware : Ignorato.
E:\Programmi\Starware\bin\Starware.dll -> Adware.Starware : Ignorato.
E:\Programmi\Starware\bin\Starware.dll.bak -> Adware.Starware : Ignorato.
E:\Programmi\Starware\bin\dlls -> Adware.Starware : Ignorato.
E:\Programmi\Starware\bin\dlls\jokester.dll -> Adware.Starware : Ignorato.
E:\Programmi\Starware\brand.bmp -> Adware.Starware : Ignorato.
E:\Programmi\Starware\icons -> Adware.Starware : Ignorato.
E:\Programmi\Starware\icons\star_16.ico -> Adware.Starware : Ignorato.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware -> Adware.Starware : Ignorato.
HKU\S-1-5-21-57989841-1580818891-854245398-1003\Software\Starware -> Adware.Starware : Ignorato.
HKU\S-1-5-21-57989841-1580818891-854245398-1003\Software\Starware\Options -> Adware.Starware : Ignorato.
HKU\S-1-5-21-57989841-1580818891-854245398-1003\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Ignorato.
HKU\S-1-5-21-57989841-1580818891-854245398-1003\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Ignorato.
HKU\S-1-5-21-57989841-1580818891-854245398-1003\Software\Starware\SearchAssistant -> Adware.Starware : Ignorato.
E:\Programmi\MyWebSearch\bar\2.bin\F3HTTPCT.DLL -> Downloader.IstBar : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@112.2o7[2].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@122.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@2o7[2].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@livedealcom.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@adbrite[2].txt -> TrackingCookie.Adbrite : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@adbrite[3].txt -> TrackingCookie.Adbrite : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@my.adocean[2].txt -> TrackingCookie.Adocean : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@adtech[2].txt -> TrackingCookie.Adtech : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@advertising[2].txt -> TrackingCookie.Advertising : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@servedby.advertising[1].txt -> TrackingCookie.Advertising : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@atdmt[2].txt -> TrackingCookie.Atdmt : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@bfast[1].txt -> TrackingCookie.Bfast : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads20.bpath[2].txt -> TrackingCookie.Bpath : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@burstnet[1].txt -> TrackingCookie.Burstnet : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@casalemedia[3].txt -> TrackingCookie.Casalemedia : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@com[1].txt -> TrackingCookie.Com : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@c.enhance[2].txt -> TrackingCookie.Enhance : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@estat[1].txt -> TrackingCookie.Estat : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@as1.falkag[3].txt -> TrackingCookie.Falkag : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@fastclick[1].txt -> TrackingCookie.Fastclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@fastclick[2].txt -> TrackingCookie.Fastclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@media.fastclick[3].txt -> TrackingCookie.Fastclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@findwhat[1].txt -> TrackingCookie.Findwhat : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@c.goclick[2].txt -> TrackingCookie.Goclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-asco.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-gmi.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-gmi.hitbox[3].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-invitrogen.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-lookfantastic.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-mruholdings.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-newscientist.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-reebok.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-samsungusa.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-tekzoned.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-unicredit.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@hitbox[3].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@w123.hitbox[1].txt -> TrackingCookie.Hitbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@hotlog[2].txt -> TrackingCookie.Hotlog : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads20.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@hypertracker[1].txt -> TrackingCookie.Hypertracker : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ilead.itrack[1].txt -> TrackingCookie.Itrack : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ilead.itrack[3].txt -> TrackingCookie.Itrack : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ivwbox[1].txt -> TrackingCookie.Ivwbox : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@komtrack[2].txt -> TrackingCookie.Komtrack : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@lop[1].txt -> TrackingCookie.Lop : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@stat.onestat[1].txt -> TrackingCookie.Onestat : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@data2.perf.overture[2].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@data3.perf.overture[1].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@data3.perf.overture[3].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@overture[1].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@overture[3].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@perf.overture[1].txt -> TrackingCookie.Overture : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ppms.popularix[2].txt -> TrackingCookie.Popularix : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@pro-market[2].txt -> TrackingCookie.Pro-market : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@qksrv[1].txt -> TrackingCookie.Qksrv : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@questionmarket[3].txt -> TrackingCookie.Questionmarket : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ads1.revenue[1].txt -> TrackingCookie.Revenue : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@revenue[1].txt -> TrackingCookie.Revenue : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@revenue[3].txt -> TrackingCookie.Revenue : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@spylog[1].txt -> TrackingCookie.Spylog : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@h.starware[1].txt -> TrackingCookie.Starware : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@starware[2].txt -> TrackingCookie.Starware : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@try.starware[1].txt -> TrackingCookie.Starware : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@www.starware[1].txt -> TrackingCookie.Starware : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@statcounter[1].txt -> TrackingCookie.Statcounter : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@statcounter[3].txt -> TrackingCookie.Statcounter : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@tacoda[1].txt -> TrackingCookie.Tacoda : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@trafic[1].txt -> TrackingCookie.Trafic : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@valueclick[2].txt -> TrackingCookie.Valueclick : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@weborama[1].txt -> TrackingCookie.Weborama : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@yadro[2].txt -> TrackingCookie.Yadro : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@c2.zedo[2].txt -> TrackingCookie.Zedo : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@c5.zedo[2].txt -> TrackingCookie.Zedo : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@zedo[2].txt -> TrackingCookie.Zedo : Ignorato.
E:\Documents and Settings\fs\Cookies\fs@zedo[3].txt -> TrackingCookie.Zedo : Ignorato.

::Fine rapporto

da **Amantide** » lun dic 18, 2006 7:57 pm

danyela ha scritto:Ti incollo il rapporto della scansione con AVG Anti-Spyware

Come mai il rapporto di AVG Anti-Spyware riporta tutte le voci come Ignorato? Avevi deciso tu di abbandonare la pulizia dei file infetti?
Se è cosi rifai la scansione ed elimina tutte le voci segnalate.
Dopo dai una ripassatina con CwShredder e alla fine ripostami il log finale di Hijackthis. A quel punto il pc dovrebbe essere finalmente pulito.

da **danyela** » lun dic 18, 2006 10:23 pm

Ok ho fatto la scansione con CwShredde e nulla è stato rivelato, per quanto riguarda il rapporto di AVG Anti-Spyware l'avevo postato prima di eliminare i file infetti, ma poi l'ho eliminati [^]

Questo è il report finale di Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21.23.18, on 18/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
E:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
E:\Programmi\Spyware Terminator\sp_rsser.exe
C:\VEXPLITE\viritsvc.exe
E:\WINDOWS\explorer.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Documents and Settings\fs\Desktop\Tools_antivirus\_a_i_g_i_a_c_k_t_h_i_s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVRemote] E:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [MMTray] "E:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mmtask] "E:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYIT
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: Win32 Classes -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

Tutto ok?
Grazie mille di tutto!!!

da **Amantide** » lun dic 18, 2006 10:35 pm

C'è solo questa voce da fixare
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYIT

Vedo che hai messo Zone Alarm e Spyware Terminator, ma l'antivirus che fine ha fatto? Non avevi prima Avira? Non l'hai rimesso?
Il VirIT lo puoi disinstallare, serviva solo per rimuovere il Gromozon, come l'unico antivirus non è granche.

Per il resto il computer ora è pulitissimo, devi solo provvedere a reinstallare l'antivirus il prima possibile.

da **danyela** » lun dic 18, 2006 10:50 pm

Ok, fatto tutto...ho appena reinstallato anche Antivir.
Thank you [linux]

da **aris73** » gio dic 21, 2006 5:10 pm

posso...???
prova ed esegui questa procedura
scarica questo http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Avvia il programma,clicca su Start
Attendi e si apre una finestra
Clicca sul disco C:\
scorri l'albero fino a questo percorso
C:\Programmi\File comuni\System
controlla se ci sono files verdi, se si
Seleziona il primo files
Una volta selezionato ti darà questo messaggio
"Nome file selected for cleaning."
Do you want to continue?"
Clicca su Yes
Una finestra ti avviserà dell'operazione conclusa
Ripeti la medesima operazione per tutti i files verdi presenti nella directory
C:\Programmi\File comuni\System
e
C:\Programmi\File comuni\Microsoft Shared
e
C:\Programmi\Windows NT

riavvi il pc ed esegui tutto il resto

da **danyela** » gio dic 21, 2006 5:31 pm

perché il mio pc non è ancora ok? [cry+]

da **aris73** » gio dic 21, 2006 5:42 pm

danyela ha scritto:perché il mio pc non è ancora ok?

no tranquilla é solo un controllo in più per verificare se é rimasto qualche residuo... [^]

hanno già fatto un ottimo lavoro

ciao

da **monykina** » ven dic 29, 2006 2:09 pm

salve, girando sul web in cerca di una soluzione al mio problema, ho trovato questo simpatico forum e mi ci sono iscritta subito [rolleyes]

Seguendo le istruzioni da voi suggerite riguardo il problema sul file ctfmon32.dll vi incollo di seguito il file log di "The Avenger"

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pdkbkmhf

*******************

Script file located at: \??\E:\WINDOWS\nbtjjewj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

File E:\WINDOWS\ctfmon32.exe not found!
Deletion of file E:\WINDOWS\ctfmon32.exe failed!

Could not process line:
E:\WINDOWS\ctfmon32.exe
Status: 0xc0000034

File E:\WINDOWS\ctfmon32.dll deleted successfully.

File E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\adobe32.exe not found!
Deletion of file E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\adobe32.exe failed!

Could not process line:
E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\adobe32.exe
Status: 0xc0000034

File E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\clipsrv32.exe not found!
Deletion of file E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\clipsrv32.exe failed!

Could not process line:
E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\clipsrv32.exe
Status: 0xc0000034

File E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\winlogin32.exe not found!
Deletion of file E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\winlogin32.exe failed!

Could not process line:
E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\winlogin32.exe
Status: 0xc0000034

File E:\wmcfg.dat not found!
Deletion of file E:\wmcfg.dat failed!

Could not process line:
E:\wmcfg.dat
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|User Input Services
Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|User Input Services failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Inoltre il seguente è di Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13.02.35, on 29/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\WinRAR\WinRAR.exe
E:\DOCUME~1\aa\IMPOST~1\Temp\Rar$EX00.672\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - E:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TerraTec Scheduler] E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - E:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - E:\Programmi\Agnitum\Outpost Firewall\outpost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Programmi\CyberLink\Shared files\RichVideo.exe

Spero qualcuno mi aiuti[boh] ..graziee [^]

da **crazy.cat** » ven dic 29, 2006 2:20 pm

monykina ha scritto:File E:\WINDOWS\ctfmon32.dll deleted successfully.

Il file sembra che sia stato cancellato.
Per il resto si vedono dei gran file not found.

E forse è meglio se ci fai un riassunto dei problemi che hai adesso.

da **monykina** » ven dic 29, 2006 2:31 pm

allora diciamo che non si è risolto nulla. Ho fatto le scansioni in modalità provvisoria perché all'avvio il pc si bloccava. Ritornata in modalità normale mi compare sempre l'avviso di avast del virus, se provo a cancellare si ripresenta.. dunque non posso effettuare alcuna operazione [cry]

da **Amantide** » ven dic 29, 2006 3:29 pm

Ogni computer è individuale, cosi come anche i virus su ogni pc si evolvono in modo diverso. Di conseguenza, lo script che andava bene per il caso di Daniela, poteva non andare bene per te.
Postami i log della scansione con Gmer delle sezioni Autostart e Rootkit, cosi vediamo cosa gira nel tuo pc.

da **monykina** » ven dic 29, 2006 4:21 pm

ho aperto il programma gmer, ma per la scansione devo selezionare tutto(in alto a destra)? cioè System, Registry, Files ecc oppure bisogna selezionarne solo alcune voci?

da **Amantide** » ven dic 29, 2006 4:26 pm

In alto dovrebbero essere delle schede fra quali anche Autostart e Rootkit. Le selezioni una alla volta, a destra premi Scan (senza variare nient' altro) e alla fine della scansione premi il bottone Copy, dopodichè incolla il risultato qui sul forum.

da **monykina** » ven dic 29, 2006 4:40 pm

in autostart :
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2006-12-29 15:33:48
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = E:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "E:\Programmi\Alwil Software\Avast4\ashServ.exe"
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = E:\Programmi\ewido anti-spyware 4.0\guard.exe
LEC TranslateDotNet Server /*LEC TranslateDotNet Server*/@ = "E:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe"
MDM /*Machine Debug Manager*/@ = "E:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
OutpostFirewall /*Outpost Firewall Service*/@ = E:\Programmi\Agnitum\Outpost Firewall\outpost.exe /service /*file not found*/
RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "E:\Programmi\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = E:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@SunJavaUpdateSched"E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@TerraTec SchedulerE:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe = E:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
@QuickTime Task"E:\Programmi\QuickTime\qttask.exe" -atboottime = "E:\Programmi\QuickTime\qttask.exe" -atboottime
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@!ewido"E:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized = "E:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = E:\WINDOWS\service32.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "E:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
@MsnMsgr"E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@AWMON"E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" = "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
@MSMSGS"E:\Programmi\Messenger\msmsgs.exe" /background = "E:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = E:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/E:\WINDOWS\system32\extmgr.dll = E:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/E:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = E:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/E:\Programmi\Microsoft Office\OFFICE11\msohev.dll = E:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/E:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = E:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/E:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = E:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/E:\Programmi\Alwil Software\Avast4\ashShell.dll = E:\Programmi\Alwil Software\Avast4\ashShell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/E:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = E:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/E:\Programmi\WinRAR\rarext.dll = E:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = E:\Programmi\Alwil Software\Avast4\ashShell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = E:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = E:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = E:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageE:\WINDOWS\system32\blank.htm = E:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = E:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = E:\WINDOWS\system32\msvidctl.dll
its@CLSID = E:\WINDOWS\system32\itss.dll
livecall@CLSID = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = E:\WINDOWS\system32\itss.dll
ms-itss@CLSID = E:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = E:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = E:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = E:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = E:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.12 ----

da **monykina** » ven dic 29, 2006 4:46 pm

il secondo non riesco a mandalo.. è troppo grande [boh]

www.MegaLab.it

ctfmon32.dll

file log The avenger e Hijackthis

Re: file log The avenger e Hijackthis

Chi c’è in linea