Pagina 1 di 1

Nod32 non si installa piu...

MessaggioInviato: sab lug 07, 2007 10:21 pm
da Marvho
da 4 giorni combatto con sti virus infami... ne avro tolto un 3/4 ... ora
sono arrivato ad eliminare 2 varianti del beagle, quella con voce "rosa" e "hlrrr"

tuttavia quando tento di installare nod, il programma si blocca e non va avanti.
terminando forzatamente la procedura, nonostante non appaia nei programmi installati, e nemmeno si faccia disinstallare, parte e non trova ovviamente i dati per operare....
manco a dirlo, non sono abilitate le scansioni on line..

allego il log di gmer. sperando in un aiuto...

ultimo log
*********************************
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-07 21:46:32
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.13 ----

? srescan.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text C:\Documents and Settings\Marco\Desktop\gmer.exe[1028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\explorer.exe[3600] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\notepad.exe[4048] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[4056] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

---- Devices - GMER 1.0.13 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 872EE750
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 872EE750
Device \Driver\nvatabus \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76F08B4] sfsync02.sys
Device \Driver\nvatabus \Device\00000081 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76F08B4] sfsync02.sys
Device \Driver\nvatabus \Device\00000082 IRP_MJ_INTERNAL_DEVICE_CONTROL

MessaggioInviato: sab lug 07, 2007 10:26 pm
da Marvho
ok essere nubbi ma perche non mi fa vedere che la prima parte del log??
[nonono]

c'è forse un limite di caratteri per post??
[uhm]

Gem lista avvio automatico
************************
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-07-07 21:46:52
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2AntiMalware /*a-squared Anti-Malware Service*/@ = C:\Programmi\a-squared Anti-Malware\a2service.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
DVD-RAM_Service /*DVD-RAM_Service*/@ = C:\WINDOWS\System32\DVDRAMSV.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MSIServer /*Windows Installer*/@ = C:\WINDOWS\system32\msiexec.exe /V
NetDDE /*DDE di rete*/@ = %SystemRoot%\system32\netdde.exe
NetDDEdsdm /*DDE DSDM di rete*/@ = %SystemRoot%\system32\netdde.exe
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UserAccess7 /*SecuROM User Access Service (V7)*/@ = C:\WINDOWS\system32\UAService7.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvMixerTrayC:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe = C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@GrooveMonitor"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
@Launch LCDMon"C:\Programmi\File comuni\Logitech\LCD Manager\lcdmon.exe" = "C:\Programmi\File comuni\Logitech\LCD Manager\lcdmon.exe"
@Launch LGDCore"C:\Programmi\File comuni\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE = "C:\Programmi\File comuni\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@a-squared"C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60 = "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
@nwiznwiz.exe /install = nwiz.exe /install

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F802F260-519B-11D1-BB5D-0060974C6013} /*ICQ Shell Extension*/C:\Programmi\ICQ\ICQShExt.dll = C:\Programmi\ICQ\ICQShExt.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office12\msohevi.dll = C:\Programmi\Microsoft Office\Office12\msohevi.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\BTNEIG~1.DLL = C:\WINDOWS\system32\BTNEIG~1.DLL
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Programmi\SmartFTP\smarthook.dll = C:\Programmi\SmartFTP\smarthook.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Deskbar*/(null) =
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Programmi\Windows Desktop Search\msnlExt.dll = C:\Programmi\Windows Desktop Search\msnlExt.dll
@{D426CFD0-87FC-4906-98D9-A23F5D515D61} /*Windows Desktop Search Outlook Express ISearchFolder Class*/C:\Programmi\Windows Desktop Search\OEPH.dll = C:\Programmi\Windows Desktop Search\OEPH.dll
@CorelDRAW Shell Extension Component /*CorelDRAW Shell Extension Component*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Anti-Malware Shell Extension*/C:\Programmi\a-squared Anti-Malware\a2contmenu.dll = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a-squared Anti-Malware Shell Extension@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2F85D76C-0569-466F-A488-493E6BD0E955}C:\Programmi\Windows Desktop Search\dsWebAllow.dll = C:\Programmi\Windows Desktop Search\dsWebAllow.dll
@{31FF080D-12A3-439A-A2EF-4BA95A3148E8}C:\Programmi\GetRight\xx2gr.dll = C:\Programmi\GetRight\xx2gr.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~2\SDHelper.dll = C:\PROGRA~1\SPYBOT~2\SDHelper.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\Windows Live Toolbar\msntb.dll = C:\Programmi\Windows Live Toolbar\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.bcf@Location = C:\Programmi\Internet Explorer\Plugins\NPBelv32.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
belarc@CLSID = C:\Programmi\Belarc\Advisor\System\BAVoilaX.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B51730-EF83-4327-8056-E6D15DFF18C8} /*Gigabit Ethernet rete locale*/ >>>
@IPAddress192.168.1.3 = 192.168.1.3
@NameServer =
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E010FA11-94F2-41DB-ACB8-1983546B44EE} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.3 = 192.168.1.3
@NameServer151.99.125.1,151.99.0.100 = 151.99.125.1,151.99.0.100
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000050@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

C:\Documents and Settings\Marco\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
Collegamento a BTTray.lnk = Collegamento a BTTray.lnk

---- EOF - GMER 1.0.13 ----
********************************

MessaggioInviato: dom lug 08, 2007 11:30 am
da crazy.cat
Hai provato ad installare un altro antivirus tipo antivir per o active virus shield?

Hai usato questo script per avenger?
Se provi a rifarlo alla fine posta qui il txt che ne risulta e vediamo se era sfuggito qualche file.

Codice: Seleziona tutto
Files to delete:
C:\Documents and Settings\marco\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\marco\Dati applicazioni\hidires\rosa.sys
C:\Documents and Settings\marco\Dati applicazioni\hidires\hidr.exe
c:\WINDOWS\system32\wintems.exe
c:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\marco\Dati applicazioni\hidires
c:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr

MessaggioInviato: dom lug 08, 2007 1:04 pm
da Marvho
no.. non ho provato perche avrei una licenza con nod... ma ora messo alle strette provero'...
ora do' un riavvio x lo script che mi hai fornito
e ti posto il log di avenger....
ma ho proprio paura che sara tutto negativo...
waith... [8)]

eccolo...
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wcpvtvwa

*******************

Script file located at: \??\C:\Documents and Settings\mofapdyw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\Documents and Settings\marco\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\marco\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\marco\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



Could not open file C:\Documents and Settings\marco\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\marco\Dati applicazioni\hidires\rosa.sys failed!

Could not process line:
C:\Documents and Settings\marco\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a



Could not open file C:\Documents and Settings\marco\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\marco\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C:\Documents and Settings\marco\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



File c:\WINDOWS\system32\wintems.exe not found!
Deletion of file c:\WINDOWS\system32\wintems.exe failed!

Could not process line:
c:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File c:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file c:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
c:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



Folder C:\Documents and Settings\marco\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\marco\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\marco\Dati applicazioni\hidires
Status: 0xc0000034



Folder c:\WINDOWS\exefld not found!
Deletion of folder c:\WINDOWS\exefld failed!

Could not process line:
c:\WINDOWS\exefld
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

insomma nulla...
puo essere qualche controllo activex ??
in mod. provvisoria entro adesso....
ma nod si blocca anche installandolo in md provvisoria
[cry+]
p.s.
potrebbe servire un log di hitjack?

****************************
Logfile of HijackThis v1.99.1
Scan saved at 20.51.44, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Logitech\LCD Manager\lcdmon.exe
C:\Programmi\File comuni\Logitech\G-series Software\LGDCore.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
C:\Programmi\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Marco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Programmi\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmi\File comuni\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmi\File comuni\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy2\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Collegamento a BTTray.lnk = C:\Programmi\Belkin\Software Bluetooth\BTTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?aa3fbba713704c1b8ff3cf5f586d2c45
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?aa3fbba713704c1b8ff3cf5f586d2c45
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .bcf: C:\Programmi\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marvho.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1225f8dbc04 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4052939984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://cam1.ngilan.it/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E010FA11-94F2-41DB-ACB8-1983546B44EE}: NameServer = 151.99.125.1,151.99.0.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

*************************

MessaggioInviato: dom lug 08, 2007 5:29 pm
da crazy.cat
Io farei un tentativo con l'installazione di antivir pe, anche per fare una scansione che non ci sia qualche altro virus non visibile nei log e che blocca quindi nod.
Bagle non c'è più e hijackthis è a posto.
Vai con antivir pe, installa,aggiorna e scansiona.

MessaggioInviato: dom lug 08, 2007 7:08 pm
da Marvho
azz nel frattempo lo sto facendo con karpesky ... sono gia 4 ore che scansiona...
ma che è?? [:p]

MessaggioInviato: lun lug 09, 2007 10:37 pm
da Marvho
kaspersky non ha trovato nulla...
[nonono]

disinstallo e provo quello che mi hai consigliato??
[cry]

MessaggioInviato: mar lug 10, 2007 4:02 am
da H.J

MessaggioInviato: mer lug 11, 2007 11:48 am
da Marvho
Grazie per l'interesse... ma la soluzione non puo essere quella per un paio di ragioni....
la prima, è che nod 32 anche scaricato nuovo presenta un errore di checksum in fase di estrazione dell'archivio..
la seconda, è che l'ho fatta gia 6 o 7 volte, e non ha prodotto risultati...
per tenervi informati, ora scrivo con un vista installato su un altro disco,
e controllato l'altra unita con nod 32 risulta integra...
quindi accertato che non è un virus, mi rimane solo il guasto hardware..
nel mentre che scrivo sto facendo una copia dei file che mi servono, e quindi procedero' con un controllo accurato del disco... un Maxtor ata da 150 GB ...
se avete qualche utility da consigliarmi per fixare il disco consigliatemelo in PM che qui andiamo OT mi sa...

[cry]

P.s. Nod32 ha segnalato l'impossibilita' di scansionare il master boot record dell'unita....
a voi non puzza sta cosa??

MessaggioInviato: mer lug 11, 2007 12:41 pm
da crazy.cat
Marvho ha scritto:P.s. Nod32 ha segnalato l'impossibilita' di scansionare il master boot record dell'unita....
a voi non puzza sta cosa??

No, lo fa sempre.