Esegui ![[;)]](http://www.megalab.it/forum/images/smilies/wink.gif "Occhiolino")
Comunque nei processi c'è explorer.exe e 4 di iexplore.exe
![[...]](http://www.megalab.it/forum/images/smilies/mellow.gif "Senza Parole")
è normale?
-
- Annuncio Pubblicitario
Ewido Bloccato e Avast Disattivato.. aiuto!
94 messaggi
• Pagina 3 di 5 • 1, 2, 3, 4, 5
da Amantide » mer gen 03, 2007 11:32 pm
monykina ha scritto:csrss
Cosi va meglio
perché csrr.exe è un trojan.downloader ![[acc2]](http://www.megalab.it/forum/images/smilies/Acc.gif "Oh cacchio!")
Comunque nei processi c'è explorer.exe e 4 di iexplore.exe
explorer.exe è la shell grafica di windows, è la veste del SO: il desktop, icone ecc.
iexplorer.exe... usi ancora IE per navigare?
![[sedia]](http://www.megalab.it/forum/images/smilies/chair.gif "Sediate!")
Per la lentezza, prova a fare un po' di pulizia con i pulitori di registro, un po' di defrag ed anche scandisk.
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
da Amantide » gio gen 04, 2007 12:37 pm
monykina ha scritto:EhM in realtà non ho proprio idea di come si installi l'altro che mi hai consigliato. E poi perché IE non va bene?
Per la deframmentazione e scandisk basta che vai su Risorse del computer, clicchi con il tasto destro sul un unità a volta--> Proprietà--> Strumenti.
Per IE... basta che leggi un po' il forum per capire perché non va bene.ò Oltre ad essere estremamente spartano e presentare mille bug, è anche una ciofeca sul lato di sicurezza. Prova Opera o Firefox e scoprirai un mondo nuovo
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
da Amantide » gio gen 04, 2007 12:59 pm
monykina ha scritto:hO capito.. e come faccio a mettere Firefox per esempio?
Come un qualsiasi altro software. Puoi anche installarli entrambi e vedere quale ti piace di più.
http://www.opera.com/
http://www.mozilla-europe.org/it/products/firefox/
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
![[std]](http://www.megalab.it/forum/images/smilies/happy.gif "Smile")
da Amantide » gio gen 04, 2007 1:17 pm
monykina ha scritto:Ma devo prima togliere IE? scusa ma non so proprio da dove partire.
No no, lascialo stare dov'è, purtroppo IE rimane indispensabile almeno per WindowsUpdate.
Puoi installare quanti browser ti pare, dovrai solo definire quale di loro verrà usato come predefinito.
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
da Amantide » gio gen 04, 2007 1:22 pm
monykina ha scritto:mmm.. ma poi non si appesantisce solo il pc? se caricherà IE e firefox? Scusa ma sono un po ignorantuccia in materia
Siamo un bel po' off topic qui
![[fischio]](http://www.megalab.it/forum/images/smilies/whistling.gif "Fischiettando")
Comunque no, non vengono caricati all' avvio e non hai nessun bisogno di usare più browser contemporaneamente. Quindi non c'è il pericolo di rallentamento del pc a causa dei più browser installati.
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
![[:D]](http://www.megalab.it/forum/images/smilies/fragorosa_risata.gif "Fragorosa risata")
da wolly76 » gio gen 04, 2007 3:07 pm
Ciao Amantide sono nuovo del forum e volevo sapere se potevi dare una mano anche a me!!!
Ho lo stesso identico problema di monykina nel senso che avast si disinstalla da solo e non riesco ad installare + nessun tipo di antivirus.
Ho provato ad eseguire i due removal tool che le hai consigliato ma mi dice che non sono presenti i trojan.
Sono davveropoco pratico del pc e le altre cose che le hai consigliato non ho idea di che cosa siano mi puoi aiutare almeno a capire se il trojan è lo stesso???
Come faccio a darti le informazioni che ti servono?
Ti ringrazio un sacchissimo
Ho lo stesso identico problema di monykina nel senso che avast si disinstalla da solo e non riesco ad installare + nessun tipo di antivirus.
Ho provato ad eseguire i due removal tool che le hai consigliato ma mi dice che non sono presenti i trojan.
Sono davveropoco pratico del pc e le altre cose che le hai consigliato non ho idea di che cosa siano mi puoi aiutare almeno a capire se il trojan è lo stesso???
Come faccio a darti le informazioni che ti servono?
Ti ringrazio un sacchissimo
-
wolly76 - Senior Member
- Messaggi: 354
- Iscritto il: gio gen 04, 2007 2:54 pm
- Località: C:\WINDOWS
da crazy.cat » gio gen 04, 2007 3:13 pm
wolly76 ha scritto:Come faccio a darti le informazioni che ti servono?
comincia con una scansione di hijackthis
http://www.MegaLab.it/2286
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da wolly76 » gio gen 04, 2007 3:21 pm
Wow subito una risposta non pensavo che ci fosse questa velocità.
Infatti ora sono a lavoro mentre il pc "malato" è a casa, appena ritorno ti posto il risultato dello scan.
Grazie mille
Infatti ora sono a lavoro mentre il pc "malato" è a casa, appena ritorno ti posto il risultato dello scan.
Grazie mille
-
wolly76 - Senior Member
- Messaggi: 354
- Iscritto il: gio gen 04, 2007 2:54 pm
- Località: C:\WINDOWS
da wolly76 » gio gen 04, 2007 7:23 pm
ciaooo
Sono tornato a casa e ho fatto lo scan con hijackthis e già che c'ero ho fatto anche quello con gmer incominciando con l'autostart ti posto prima quello ottenuto da hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 18.16.11, on 04/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
F:\WINDOWS\system32\GSICON.EXE
F:\WINDOWS\system32\dslagent.exe
F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
F:\Programmi\Microsoft ActiveSync\wcescomm.exe
F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
F:\Programmi\RedStrike\UltraWipe\Launcher.exe
F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\A49B1961.DLL
F:\Programmi\Alice ti aiuta\bin\mpbtn.exe
F:\Programmi\WinRAR\WinRAR.exe
F:\Programmi\Windows NT\Accessori\wordpad.exe
F:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX09.422\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [spywatch] F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = F:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Ultra Wipe Launcher.lnk = F:\Programmi\RedStrike\UltraWipe\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Sono tornato a casa e ho fatto lo scan con hijackthis e già che c'ero ho fatto anche quello con gmer incominciando con l'autostart ti posto prima quello ottenuto da hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 18.16.11, on 04/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
F:\WINDOWS\system32\GSICON.EXE
F:\WINDOWS\system32\dslagent.exe
F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
F:\Programmi\Microsoft ActiveSync\wcescomm.exe
F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
F:\Programmi\RedStrike\UltraWipe\Launcher.exe
F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
F:\Programmi\BulletProofSoft.com\SpywareRemover\A49B1961.DLL
F:\Programmi\Alice ti aiuta\bin\mpbtn.exe
F:\Programmi\WinRAR\WinRAR.exe
F:\Programmi\Windows NT\Accessori\wordpad.exe
F:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX09.422\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [spywatch] F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = F:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = F:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Ultra Wipe Launcher.lnk = F:\Programmi\RedStrike\UltraWipe\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
-
wolly76 - Senior Member
- Messaggi: 354
- Iscritto il: gio gen 04, 2007 2:54 pm
- Località: C:\WINDOWS
da wolly76 » gio gen 04, 2007 7:24 pm
questo invece è l'autostart di gmer
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 18:19:24
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = F:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
NavLogon@DLLName = F:\WINDOWS\system32\NavLogon.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@SmappF:\Programmi\Analog Devices\SoundMAX\SMTray.exe = F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@NeroFilterCheckF:\WINDOWS\system32\NeroCheck.exe = F:\WINDOWS\system32\NeroCheck.exe
@PinnacleDriverCheckF:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@PMCRemoteF:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@NWEReboot /*file not found*/ = /*file not found*/
@hldrrrF:\WINDOWS\system32\hldrrr.exe = F:\WINDOWS\system32\hldrrr.exe
@NvCplDaemonRUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@avast!F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"F:\Programmi\Microsoft ActiveSync\wcescomm.exe" = "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@BitTorrent"F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/ = "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/
@spywatchF:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP = F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
@drvsyskitF:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe = F:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
@hldrrrF:\WINDOWS\system32\hldrrr.exe = F:\WINDOWS\system32\hldrrr.exe
@updateMgr"F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/F:\Programmi\Microsoft Office\OFFICE11\msohev.dll = F:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/(null) =
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/F:\PROGRA~1\Yahoo!\Common\ymmapi.dll = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/F:\PROGRA~1\MICROS~3\Wcesview.dll = F:\PROGRA~1\MICROS~3\Wcesview.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{00e72351-c3bd-48cd-b090-77ea0d87a10a} /*Uw Shell Extension*/F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/F:\Programmi\WinRAR\rarext.dll = F:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/F:\Programmi\Alwil Software\Avast4\ashShell.dll = F:\Programmi\Alwil Software\Avast4\ashShell.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
UltraWipe@{00e72351-c3bd-48cd-b090-77ea0d87a10a} = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}F:\Programmi\Yahoo!\Common\yiesrvc.dll = F:\Programmi\Yahoo!\Common\yiesrvc.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageF:\WINDOWS\system32\blank.htm = F:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = F:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = F:\WINDOWS\system32\msvidctl.dll
its@CLSID = F:\WINDOWS\system32\itss.dll
livecall@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = F:\WINDOWS\system32\itss.dll
msnim@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = F:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = F:\WINDOWS\system32\wiascr.dll
F:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica = Utilità controllo supporti di Cyber-shot Viewer.lnk
F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
NaturalColorLoad.lnk = NaturalColorLoad.lnk
Ultra Wipe Launcher.lnk = Ultra Wipe Launcher.lnk
---- EOF - GMER 1.0.12 ----
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-04 18:19:24
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = F:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
NavLogon@DLLName = F:\WINDOWS\system32\NavLogon.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@SmappF:\Programmi\Analog Devices\SoundMAX\SMTray.exe = F:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@NeroFilterCheckF:\WINDOWS\system32\NeroCheck.exe = F:\WINDOWS\system32\NeroCheck.exe
@PinnacleDriverCheckF:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = F:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@PMCRemoteF:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = F:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@NWEReboot /*file not found*/ = /*file not found*/
@hldrrrF:\WINDOWS\system32\hldrrr.exe = F:\WINDOWS\system32\hldrrr.exe
@NvCplDaemonRUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@avast!F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"F:\Programmi\Microsoft ActiveSync\wcescomm.exe" = "F:\Programmi\Microsoft ActiveSync\wcescomm.exe"
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "F:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@BitTorrent"F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/ = "F:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized /*file not found*/
@spywatchF:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP = F:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
@drvsyskitF:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe = F:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
@hldrrrF:\WINDOWS\system32\hldrrr.exe = F:\WINDOWS\system32\hldrrr.exe
@updateMgr"F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "F:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = F:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = F:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/F:\Programmi\Microsoft Office\OFFICE11\msohev.dll = F:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/(null) =
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/F:\PROGRA~1\Yahoo!\Common\ymmapi.dll = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/F:\PROGRA~1\MICROS~3\Wcesview.dll = F:\PROGRA~1\MICROS~3\Wcesview.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{00e72351-c3bd-48cd-b090-77ea0d87a10a} /*Uw Shell Extension*/F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = F:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/F:\Programmi\WinRAR\rarext.dll = F:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = F:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/F:\WINDOWS\system32\nvcpl.dll = F:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/F:\WINDOWS\system32\nvshell.dll = F:\WINDOWS\system32\nvshell.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/F:\Programmi\Alwil Software\Avast4\ashShell.dll = F:\Programmi\Alwil Software\Avast4\ashShell.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
UltraWipe@{00e72351-c3bd-48cd-b090-77ea0d87a10a} = F:\PROGRA~1\REDSTR~1\ULTRAW~1\uwshext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = F:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = F:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = F:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}F:\Programmi\Yahoo!\Common\yiesrvc.dll = F:\Programmi\Yahoo!\Common\yiesrvc.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageF:\WINDOWS\system32\blank.htm = F:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = F:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = F:\WINDOWS\system32\msvidctl.dll
its@CLSID = F:\WINDOWS\system32\itss.dll
livecall@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = F:\WINDOWS\system32\itss.dll
msnim@CLSID = F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = F:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = F:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = F:\WINDOWS\system32\wiascr.dll
F:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica = Utilità controllo supporti di Cyber-shot Viewer.lnk
F:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
NaturalColorLoad.lnk = NaturalColorLoad.lnk
Ultra Wipe Launcher.lnk = Ultra Wipe Launcher.lnk
---- EOF - GMER 1.0.12 ----
-
wolly76 - Senior Member
- Messaggi: 354
- Iscritto il: gio gen 04, 2007 2:54 pm
- Località: C:\WINDOWS
da wolly76 » gio gen 04, 2007 7:37 pm
Invece quando faccio partire gmer per fare rootkit mi esce il seguente messaggio:
Warning!!!
GMER has found system modification, witch might have been caused by ROOTKIT activity.
dou you want to fully scan your system????
CHE DEVO FARE AIUTATEMIIIIIIIIIIII
Grazie
Warning!!!
GMER has found system modification, witch might have been caused by ROOTKIT activity.
dou you want to fully scan your system????
CHE DEVO FARE AIUTATEMIIIIIIIIIIII
Grazie
-
wolly76 - Senior Member
- Messaggi: 354
- Iscritto il: gio gen 04, 2007 2:54 pm
- Località: C:\WINDOWS
da Amantide » gio gen 04, 2007 7:52 pm
Hai fatto benissimo a postare anche il log di Gmer ![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
, dovo aver visto quello di Hijackthis te lo avrei chiesto comunque ![[:)]](http://www.megalab.it/forum/images/smilies/smile.gif "Smile")
Infatti hai lo stesso virus di monykina e qualcosina in più.
Intanto scarica Avenger ed esegui questo script, speriamo che basti:
Files to delete:
F:\WINDOWS\system32\hldrrr.exe
F:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
F:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys
F:\Windows\System32\wintems.exe
folders to delete:
F:\Documents and Settings\Administrator\Dati applicazioni\hidires
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | NWEReboot
registry keys to delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
HKEY_CURRENT_USER\Software\FirstRRRun
P.S. Il fatto che non riesci a fare la scansione della sezione rootkit è dovuto al rootkit m_hook.sys che aveva anche monykina. Intanto esegui lo script e poi vediamo se abbiamo risolto.
, dovo aver visto quello di Hijackthis te lo avrei chiesto comunque
Infatti hai lo stesso virus di monykina e qualcosina in più.
Intanto scarica Avenger ed esegui questo script, speriamo che basti:
Files to delete:
F:\WINDOWS\system32\hldrrr.exe
F:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
F:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys
F:\Windows\System32\wintems.exe
folders to delete:
F:\Documents and Settings\Administrator\Dati applicazioni\hidires
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | NWEReboot
registry keys to delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
HKEY_CURRENT_USER\Software\FirstRRRun
P.S. Il fatto che non riesci a fare la scansione della sezione rootkit è dovuto al rootkit m_hook.sys che aveva anche monykina. Intanto esegui lo script e poi vediamo se abbiamo risolto.
Ultima modifica di Amantide il gio gen 04, 2007 8:00 pm, modificato 1 volta in totale.
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
da Amantide » gio gen 04, 2007 7:58 pm
@ monikyna
Non posso credere ma avevo commesso un errore madornale e me ne sono accorta solo ora. Compilando lo script per avenger avevo sbagliato ad indicare la directory esatta per il file wintems.exe, anzichè scrivere E avevo mecco la C![[V]](http://www.megalab.it/forum/images/smilies/sad.gif "Triste")
Penso che a questo punto i rallentamenti che hai possono essere dovuti all'attivita di questo file. Per sicurezza riesegui lo script per avenger inserendo anche quel altro file che ha wolly76.
E:\WINDOWS\system32\wintems.exe
E:\WINDOWS\system32\hldrrr.exe
Non posso credere ma avevo commesso un errore madornale e me ne sono accorta solo ora. Compilando lo script per avenger avevo sbagliato ad indicare la directory esatta per il file wintems.exe, anzichè scrivere E avevo mecco la C
Penso che a questo punto i rallentamenti che hai possono essere dovuti all'attivita di questo file. Per sicurezza riesegui lo script per avenger inserendo anche quel altro file che ha wolly76.
E:\WINDOWS\system32\wintems.exe
E:\WINDOWS\system32\hldrrr.exe
-
Amantide - Membro Ufficiale (Gold)
- Messaggi: 8126
- Iscritto il: lun feb 06, 2006 4:13 pm
- Località: Abruzzo
94 messaggi
• Pagina 3 di 5 • 1, 2, 3, 4, 5
Chi c’è in linea
Visitano il forum: Nessuno e 1 ospite
megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising