Page 1 of 3

BAGLE

Posted: Fri Jan 26, 2007 8:11 pm
by hart
Hi everyone.
I'm a new member, and thanks to your material and forum I have finally understood where the problem with my PC lies: basically it is infected with the virus in the subject.
I ran the GMER rootkit and autostart scans, which I report below, to ask you for the correct Avenger script. Thank you for your cooperation and availability.

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-26 19:07:43
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemcsted.exe = csted.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WgaLogon@DLLName = WgaLogon.dll
WRNotifier@DLLName = WRLogonNTF.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ALG /*Servizio Gateway di livello applicazione*/@ = %SystemRoot%\System32\alg.exe
aspnet_state /*ASP.NET State Service*/@ = %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe" /*file not found*/
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe" /*file not found*/
avast! Mail Scanner /*avast! Mail Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service /*file not found*/
avast! Web Scanner /*avast! Web Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service /*file not found*/
ClipSrv /*ClipBook*/@ = %SystemRoot%\system32\clipsrv.exe
COM+ Messages /*COM+ Messages*/@ = "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 /*file not found*/
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NetDDE /*DDE di rete*/@ = %SystemRoot%\system32\netdde.exe
NetDDEdsdm /*DDE DSDM di rete*/@ = %SystemRoot%\system32\netdde.exe
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" /*file not found*/
WebrootSpySweeperService /*Sistema Webroot Spy Sweeper*/@ = "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe"
WinDefend /*Windows Defender*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@WinampAgent:C:\Programmi\Winamp\winampa.exe /*file not found*/ = :C:\Programmi\Winamp\winampa.exe /*file not found*/
@SunJavaUpdateSched:"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" /*file not found*/ = :"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@PHIME2002ASync:"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC /*file not found*/ = :"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC /*file not found*/
@PHIME2002A:"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName /*file not found*/ = :"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName /*file not found*/
@PCMService"c:\Apps\Powercinema\PCMService.exe" = "c:\Apps\Powercinema\PCMService.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@DownloadAccelerator"C:\PROGRA~1\DAP\DAP.EXE" /STARTUP = "C:\PROGRA~1\DAP\DAP.EXE" /STARTUP
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@Collegamento alla pagina delle proprietà di High Definition Audio(null) =
@ATIPTA"C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@AlcWzrd:ALCWZRD.EXE /*file not found*/ = :ALCWZRD.EXE /*file not found*/
@Alcmtr:ALCMTR.EXE /*file not found*/ = :ALCMTR.EXE /*file not found*/
@ACTIVBOARDc:\apps\ABoard\ABoard.exe = c:\apps\ABoard\ABoard.exe
@CaISSDT"C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe" = "C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe"
@eTrustPPAP"C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" = "C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@SoundMan:SOUNDMAN.EXE /*file not found*/ = :SOUNDMAN.EXE /*file not found*/
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
@SpySweeper"C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
@avast!:C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = :C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
@a-squared"C:\Programmi\a-squared Anti-Malware\a2guard.exe" /*file not found*/ = "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /*file not found*/
@a-squared Anti-Dialer"C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@Windows Registry Repair Pro"C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4 = "C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4
@updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 = "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe
@Uniblue Registry Booster"C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe" /S = "C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe" /S
@Uniblue SpyEraser: /*file not found*/ = : /*file not found*/
@SpamBully 3 for Outlook Express"C:\Programmi\Axaware\Spam Bully 3 for OE\sb3oe.exe" install = "C:\Programmi\Axaware\Spam Bully 3 for OE\sb3oe.exe" install

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@cholecyst(null) =
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>>
SharedTaskScheduler@cholecyst =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Apps\RecordNow\shlext.dll = C:\Apps\RecordNow\shlext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\Programmi\Microsoft Office\Office10\MLSHEXT.DLL = C:\Programmi\Microsoft Office\Office10\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL = C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2ContMenu@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}:C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll /*file not found*/ = :C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll /*file not found*/
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://it.yahoo.com = http://it.yahoo.com
@Start Pagehttp://it.yahoo.com = http://it.yahoo.com

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = about:blank

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\DANIELE\Menu Avvio\Programmi\Esecuzione automatica >>>
Trend Micro Anti-Spyware.lnk = Trend Micro Anti-Spyware.lnk
Tuttogratis Alert.lnk = Tuttogratis Alert.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
ADSL Diagnostic Tools.LNK = ADSL Diagnostic Tools.LNK
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Digisoft AntiDialer.lnk = Digisoft AntiDialer.lnk
Microsoft Office.lnk = Microsoft Office.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk
~Disabled = ~Disabled

---- EOF - GMER 1.0.12 ----

BAGLE

Posted: Fri Jan 26, 2007 8:15 pm
by hart
The rootkit log, though, is very long.
Do I have to post it anyway?
Thanks again

Posted: Fri Jan 26, 2007 8:25 pm
by Amantide
Hi and welcome [:)]

No no, the Autostart one is enough... actually, it would have been enough just to know the drive the operating system is installed on and your user name on the PC, i.e. DANIELE.

This is the script:

Files to delete:
C:\Documents and Settings\DANIELE\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\DANIELE\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Post me the Avenger log, so we know how it went.

WHAT SPEED

Posted: Fri Jan 26, 2007 8:27 pm
by hart
...wow, what speed..
ok, thanks again, I'll let you know, bye

AVENGER LOG

Posted: Fri Jan 26, 2007 8:50 pm
by hart
Sorry for my computer ignorance... but once the Avenger procedure finished the PC restarted.. how can I give you the log now? Do I run the script in Avenger again?

Posted: Fri Jan 26, 2007 9:03 pm
by Amantide
The log was the one that reappeared right after the reboot; it is also in the folder C:\Avenger

Don't forget to do the rest of the cleanup, following this guide.

AVENGER

Posted: Sat Jan 27, 2007 3:03 pm
by hart
Hi again.
Yes, I had then followed the cleanup procedure you pointed me to... but when scanning with the AVG Free antivirus it reported viruses in the folder C:\Avenger, where in fact the folders exefld and the hidden hidires, the subject of the Bagle virus, were present... I deleted them, did I do wrong? By the way, they were the only 2 folders present in C:\Avenger; there are no other files/documents.

Thanks

Posted: Sat Jan 27, 2007 3:07 pm
by Amantide
You did well to delete Avenger's backup, even though in that location the infected files no longer posed a danger.

AVENGER

Posted: Sun Jan 28, 2007 4:03 am
by hart
hi again.. but I haven't understood how I can manage to post you the Avenger log.. anyway I see everything works fine
thanks again

Posted: Sun Jan 28, 2007 10:59 am
by MATRIOSKA
Hello everyone, like Hart I am also a new member, and thanks to your articles I managed to identify the problem with my PC: in my case too a Bagle got in.
I followed your instructions, running the scan with GMER, and below I post the Autostart result, also because from what I have already read it seems enough to generate the script to enter in AVENGER.

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-27 22:33:41
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StuffIt Task Manager /*StuffIt Task Manager*/@ = C:\PROGRA~1\Allume\StuffIt\MXTask.exe -Service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@ /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@SinapsiAntispamC:\Programmi\Sinapsi Antispam\SinapsiAntispam.exe = C:\Programmi\Sinapsi Antispam\SinapsiAntispam.exe
@RegistryMechanic /*file not found*/ = /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@AnyDVDC:\Programmi\SlySoft\AnyDVD\AnyDVD.exe = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
@drvsyskitC:\Documents and Settings\JACK\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\JACK\Dati applicazioni\hidires\hidr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} /*TuneUp Shredder Shell Context Menu Extension*/"C:\Programmi\TuneUp Utilities 2006\sdshelex.dll" = "C:\Programmi\TuneUp Utilities 2006\sdshelex.dll"
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{3FBFD0B0-EB46-4797-9101-615610E87DA6} /*StuffIt Compress Menu*/C:\Programmi\Allume\StuffIt\CompressMenu.dll = C:\Programmi\Allume\StuffIt\CompressMenu.dll
@{09308CE0-6ECC-4DB6-A957-2AD37E5E3C7E} /*StuffIt Archive Menu*/C:\Programmi\Allume\StuffIt\ArchiveMenu.dll = C:\Programmi\Allume\StuffIt\ArchiveMenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
StuffIt Compress Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Programmi\Allume\StuffIt\CompressMenu.dll
TuneUp Shredder@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programmi\TuneUp Utilities 2006\sdshelex.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
TuneUp Shredder@{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programmi\TuneUp Utilities 2006\sdshelex.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
StuffIt Compress Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Programmi\Allume\StuffIt\CompressMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.fastweb.it/myfastpage/res/ = http://www.fastweb.it/myfastpage/res/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Microsoft Office.lnk

---- EOF - GMER 1.0.12 ----


I look forward to your reply and thank you in advance for the precious help you have already given me and for the help still to come.

Posted: Sun Jan 28, 2007 12:28 pm
by bReAkDOwN
@Matrioska

I was passing by, and took the liberty of stealing a bit of work from Amantide.. [std]

You can download The Avenger from here: http://swandog46.geekstogo.com/avenger.zip
Run it, select "Input script manually", click the magnifying glass, paste the script into the window, click Done, then the green traffic light, and answer yes. The PC will be restarted. Once it has restarted, a log will appear in Notepad: copy it and post it on the forum. If it doesn't appear, look for it in the folder c:\avenger.

Script to copy:

Files to delete:
C:\Documents and Settings\JACK\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\JACK\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\JACK\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Finally, read Amantide's article http://www.MegaLab.it/2657 and follow all the steps in the section: final notes.
Bye!
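
As an added example (not part of the thread, and not GMER's or Avenger's own code), here is a small Python parser for the GMER autostart format shown in the logs above. It flags the indicators that the two Avenger scripts in this thread (Amantide's for hart, bReAkDOwN's for MATRIOSKA) remove, reads the profile and Windows paths out of the flagged lines instead of editing them by hand, and emits an Avenger script in the same layout. It goes one step beyond the posted scripts by also listing every flagged Run value it saw for removal, since those entries would otherwise be left pointing at deleted files. The sample log is constructed from the lines hart posted; the indicator list, the regular expressions and the function names are my own assumptions, as is the C:\WINDOWS fallback.

```python
"""Parse GMER 1.0.12 autostart-scan lines, flag the Bagle indicators that the
thread's Avenger scripts remove, and emit an Avenger script with the profile
path taken from the log. Added example: not GMER's or Avenger's own code."""
import re
from typing import List, NamedTuple, Optional

# Indicators taken from the Avenger scripts posted in the thread.
BAGLE_INDICATORS = ("hldrrr.exe", "wintems.exe", r"hidires\hidr.exe",
                    r"hidires\m_hook.sys", "m_hook", "drvsyskit", "german.exe", "exefld")

# Constructed sample in GMER autostart format, modelled on hart's posted log.
SAMPLE_LOG = r"""HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
"""

_COMMENT_RE = re.compile(r"\s*/\*.*?\*/")   # GMER's /*description*/ tags
_HIDR_RE = re.compile(r"([A-Za-z]:\\Documents and Settings\\[^\\]+\\[^\\]+)\\hidires\\hidr\.exe", re.I)
_WINDIR_RE = re.compile(r"([A-Za-z]:\\[^\\]+)\\system32\\(?:hldrrr|wintems)\.exe", re.I)


class Entry(NamedTuple):
    key: str   # registry key (or startup folder) the entry lives in
    name: str  # value name; "" for a key's default value
    data: str  # value data as GMER printed it; "" for (null)


def _split_value(line: str):
    # 'left = data'; a bare trailing '=' means the data is empty
    if line.endswith(" ="):
        return line[:-2], ""
    left, sep, data = line.rpartition(" = ")
    return (left, data) if sep else (line, "")


def parse_gmer_autostart(text: str) -> List[Entry]:
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            section = ""            # a blank line closes the key block
            continue
        if line.endswith(" >>>"):
            section = line[:-4]     # key block header
            continue
        left, data = _split_value(line)
        if left.startswith("@"):
            # GMER fuses the value name to the data: '@<name><data> = <data>'
            name = left[1:]
            if data and name.endswith(data):
                name = name[:-len(data)]
            elif name.endswith("(null)"):
                name = name[:-6]
            entries.append(Entry(section, _COMMENT_RE.sub("", name).strip(), data))
        else:
            # '<subkey>@<value> = <data>' inside a block, or a full 'KEY@value' line
            sub, _, name = left.partition("@")
            entries.append(Entry(section + _COMMENT_RE.sub("", sub), name, data))
    return entries


def flag_bagle(entries: List[Entry]) -> List[Entry]:
    """Return the entries whose name or data contains a Bagle indicator."""
    return [e for e in entries
            if any(ind.lower() in f"{e.name} {e.data}".lower() for ind in BAGLE_INDICATORS)]


def build_avenger_script(entries: List[Entry]) -> Optional[str]:
    """Emit the thread's Avenger script with paths read from the flagged entries."""
    hits = flag_bagle(entries)
    appdata = windir = None
    for e in hits:
        m = _HIDR_RE.search(e.data)
        appdata = m.group(1) if m else appdata
        m = _WINDIR_RE.search(e.data)
        windir = m.group(1) if m else windir
    if appdata is None:
        return None                     # no Bagle loader seen: nothing to clean
    windir = windir or r"C:\WINDOWS"    # assumed default if only hidr.exe was seen
    values = [r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr"]
    for e in hits:                      # also drop every other Run value we flagged
        v = f"{e.key} | {e.name}"
        if e.name and e.key.lower().endswith("\\run") and v not in values:
            values.append(v)
    return "\n".join([
        "Files to delete:", rf"{appdata}\hidires\m_hook.sys", rf"{appdata}\hidires\hidr.exe",
        rf"{windir}\system32\wintems.exe", rf"{windir}\system32\hldrrr.exe", "",
        "folders to delete:", rf"{appdata}\hidires", rf"{windir}\exefld", "",
        "registry keys to delete:", r"HKLM\SYSTEM\CurrentControlSet\Services\m_hook",
        r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK", "",
        "registry values to delete:", *values]) + "\n"


if __name__ == "__main__":
    ents = parse_gmer_autostart(SAMPLE_LOG)
    print(build_avenger_script(ents) or "no Bagle indicators found")
```

To use it on a real log, pass the file contents to parse_gmer_autostart() and hand the result to build_avenger_script(). The script is only generated when the hidires\hidr.exe loader is actually present, so a clean log yields None rather than a script that would delete nothing; the fixed file and key list reproduces the one the helpers posted, and only the Run values section grows with what the log shows.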

Re: AVENGER

Posted: Sun Jan 28, 2007 12:41 pm
by Amantide
hart wrote: hi again.. but I haven't understood how I can manage to post you the Avenger log.. anyway I see everything works fine
thanks again

Don't worry about the Avenger log, what matters is that the PC works fine now. [;)]

@ bReAkDOwN

Go ahead, new collaborators are always welcome [bleh]

@ MATRIOSKA
Welcome MATRIOSKA, follow the instructions above and let us know the results [;)]

P.S. Ah! In Russian it's spelled matrioshka [sh]

Posted: Sun Jan 28, 2007 3:11 pm
by MATRIOSKA
I carefully followed the whole procedure and... voilà, now everything works as before.
Thanks a lot.
PS: To Amantide, thanks also for the lexical clarification about my nick.

BAGLE

Posted: Mon Jan 29, 2007 1:55 am
by hart
Thanks again for everything, you saved me a lot of hassle.
bye

[applauso+]

BAGLE

Posted: Mon Feb 12, 2007 7:21 pm
by -matteo-
Hi everyone!
Can you please post me the script for Avenger???
This is the Autostart scan run by GMER....



1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-12 18:08:47
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msldr32@DLLName = msldr32.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe" /*file not found*/
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe /*file not found*/
KodakCCS /*Kodak Camera Connection Software*/@ = %SystemRoot%\system32\drivers\KodakCCS.exe
Luteq /*DirectX Service*/@ = C:\windows\system32\directx.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe"
ScsiAccess /*ScsiAccess*/@ = C:\WINDOWS\system32\ScsiAccess.EXE
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UserAccess7 /*SecuROM User Access Service (V7)*/@ = C:\WINDOWS\system32\UAService7.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CnxDslTaskBar"C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" = "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@BearShare"C:\Programmi\BearShare\BearShare.exe" /pause = "C:\Programmi\BearShare\BearShare.exe" /pause
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
@Uniblue Registry BoosterC:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/ = C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@0aMCPClient(null) =
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\windows\system32\extmgr.dll = C:\windows\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{acb4a560-3606-11d3-aef4-00104bd0f92d} /*KodakShellExtension*/C:\Programmi\File comuni\KODAK\IFSCore\kodakshx.dll = C:\Programmi\File comuni\KODAK\IFSCore\kodakshx.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\windows\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll = C:\windows\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\msonsext.dll = C:\Programmi\File comuni\Microsoft Shared\Web Folders\msonsext.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\windows\system32\dfshim.dll = C:\windows\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\windows\system32\dfshim.dll = C:\windows\system32\dfshim.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{acdece20-a9d8-11d4-ace1-e0ae57c10001} /*Game Lad*/ = C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX02.662\Pokemon (incl. Saphire+Ruby) Gameboy ROMs (GBA,GB,GBC) in English+Deutsch+Tipps(Deutsch)+Emulator\Emulator\Game Lad (gb,gbc)\Game Lad.dll /*file not found*/

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\windows\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0D3DF160-C4EB-4389-9163-6150054025C1}C:\WINDOWS\system32\kcdhe220.dll /*file not found*/ = C:\WINDOWS\system32\kcdhe220.dll /*file not found*/
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{E7E9F57E-2947-40B1-9BBF-0896D19C092F}C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DP9F.dll = C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DP9F.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica = PowerReg Scheduler V3.exe

---- EOF - GMER 1.0.12 ----

Posted: Mon Feb 12, 2007 8:02 pm
by Amantide
Hi and welcome [:)]

Besides Bagle you have a bit of other assorted junk as well; here is the script for Avenger:

Files to delete:
C:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DP9F.dll
C:\WINDOWS\system32\kcdhe220.dll
C:\windows\system32\directx.exe
C:\WINDOWS\SYSTEM32\msldr32.dll

folders to delete:
C:\Documents and Settings\Administrator\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D3DF160-C4EB-4389-9163-6150054025C1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E9F57E-2947-40B1-9BBF-0896D19C092F}
HKLM\SYSTEM\CurrentControlSet\Services\Luteq
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msldr32

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


To remove the rest and restore the use of safe mode and some terminated services, read the last page of this article
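Added example, not code from this thread nor from GMER or Avenger: a small Python triage of a GMER autostart log that mechanises the reasoning behind the verdict above (hidr.exe and ~DP9F.dll run from the profile data and Temp folders, kcdhe220.dll is a dangling BHO, and hldrrr.exe is registered under both the HKLM and HKCU Run keys in the logs posted in this thread). The sample log lines are constructed from entries quoted in this thread; the three rules and the output format are my assumptions, not GMER's.

```python
import re
from collections import defaultdict

NOT_FOUND = "/*file not found*/"

# Directories a persistent autostart entry rarely has a good reason to run from: the
# user's Temp and profile data folders (Italian XP: "Dati applicazioni"; IMPOST~1 is
# the 8.3 short name of "Impostazioni locali").  Assumed rule, not a GMER feature.
SUSPICIOUS_DIRS = re.compile(
    r"\\temp\\|\\impost~1\\|\\dati applicazioni\\|\\application data\\",
    re.IGNORECASE,
)

# Constructed sample in the shape of the GMER 1.0.12 autostart scan quoted in this
# thread: a key header ending in ">>>", then "@name<value> = <value>" lines, with
# "/*file not found*/" marking targets that no longer exist on disk.
SAMPLE_GMER_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@drvsyskitC:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{E7E9F57E-2947-40B1-9BBF-0896D19C092F}C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DP9F.dll = C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DP9F.dll
@{0D3DF160-C4EB-4389-9163-6150054025C1}C:\WINDOWS\system32\kcdhe220.dll /*file not found*/ = C:\WINDOWS\system32\kcdhe220.dll /*file not found*/
"""


def parse_autostart(log_text):
    """Return (registry key, target, missing) for every entry of a GMER autostart log."""
    entries, header = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(">>>"):
            header = line[:-3].strip()
            continue
        if " = " not in line:          # blank lines, banners, "(null) =" entries
            continue
        left, _, value = line.partition(" = ")   # text after " = " is the real value
        section = header
        if not line.startswith("@"):   # one-line "KEY@name = value" or "Subkey@name = value"
            key = left.partition("@")[0]
            section = key if "\\" in key else header + key
        missing = NOT_FOUND in value
        target = value.replace(NOT_FOUND, "").strip()
        if target and target != "(null)":
            entries.append((section, target, missing))
    return entries


def triage(log_text):
    """Flag autostart entries worth a second look, with the reason for each."""
    entries = parse_autostart(log_text)
    # Same target under several Run keys (HKLM and HKCU) is the redundancy seen for
    # hldrrr.exe in this thread: deleting one of the entries is not enough.
    run_keys = defaultdict(set)
    for section, target, _ in entries:
        if section.lower().endswith("\\run"):
            run_keys[target.lower()].add(section.lower())
    findings = []
    for section, target, missing in entries:
        reasons = []
        if missing:
            reasons.append("target no longer exists: dangling entry, confirm what created it")
        if SUSPICIOUS_DIRS.search(target):
            reasons.append("runs from a Temp or profile data directory")
        if len(run_keys[target.lower()]) > 1:
            reasons.append("same target in %d Run keys" % len(run_keys[target.lower()]))
        if reasons:
            findings.append({"key": section, "target": target, "reasons": reasons})
    return findings
```

Dangling entries such as the avast one are reported for review, not as malicious: an uninstalled product leaves the same trace as a payload that has already been removed.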

Posted: Mon Feb 12, 2007 8:52 pm
by -matteo-
Thanks a lot!
...I'll let you know later....

Posted: Mon Feb 12, 2007 9:03 pm
by -matteo-
everything seems ok... thanks! [^]

If you want, this is the result...


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jqgwftmt

*******************

Script file located at: \??\C:\Program Files\icljikup.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys deleted successfully.
File C:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DP9F.dll deleted successfully.


File C:\WINDOWS\system32\kcdhe220.dll not found!
Deletion of file C:\WINDOWS\system32\kcdhe220.dll failed!

Could not process line:
C:\WINDOWS\system32\kcdhe220.dll
Status: 0xc0000034

File C:\windows\system32\directx.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\msldr32.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\msldr32.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\msldr32.dll
Status: 0xc0000034

Folder C:\Documents and Settings\Administrator\Dati applicazioni\hidires deleted successfully.


Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Luteq deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D3DF160-C4EB-4389-9163-6150054025C1} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E9F57E-2947-40B1-9BBF-0896D19C092F} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msldr32 deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Posted: Mon Feb 12, 2007 9:25 pm
by Amantide
[^]
Please install an antivirus as soon as possible, I recommend Antivir PE, and run a full scan from safe mode.

Posted: Tue Feb 13, 2007 1:05 am
by Albachiara
hi everyone, I have this nightmare too... I wanted to ask, is it normal to have problems with Internet Explorer with this virus??? like some dll files missing??
anyway, here is my log

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-13 00:02:38
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = MsgPlusLoader.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundMAXPnPC:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
@SoundMAX"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@DownloadAccelerator"C:\Programmi\DAP\DAP.EXE" /STARTUP = "C:\Programmi\DAP\DAP.EXE" /STARTUP
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BitTorrent"C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized = "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
@NBJ"C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" = "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@drvsyskitC:\Documents and Settings\end user\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\end user\Dati applicazioni\hidires\hidr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/(null) =
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*Bluetooth Neighborhood*/C:\WINDOWS\system32\BTNeighborhood.dll = C:\WINDOWS\system32\BTNeighborhood.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.comune.bari.it/ = http://www.comune.bari.it/

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.comune.bari.it/ = http://www.comune.bari.it/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.12 ----

I hope to solve this problem soon... I'll say up front that I'm not much of an expert, so help me.... [cry+] [cry+]