www.MegaLab.it

[Rondinella]

Salve a tutti, sono nuova e sono infetta dal trojan

ctfmon32.dll
Locazione : Windows
Virus: Small-CKX

Come antivirus ho AVATS.

Dalle discussioni precedenti ho seguito un po le istruzioni ho copiato in average quello che avevate indicato a un altro utente e il risultato dell script è:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hyapr^lg

*******************

Script file located at: nocljjmt

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!




Che dite come posso proseguire il virus c'è ancora..cioè avast lo blocca sempre.


Grazie
Sara

[crazy.cat]

Comincia a postare il log della scansione di hijackthis
http://www.MegaLab.it/2286

[Amantide]

Arrivo sempre dopo di di te Marco

Ciao Rondinella e benvenuta

Più che il log di Hijackthis posta i log di scansione con Gmer delle sezioni Autostart e Rootkit.

[Rondinella]

Allora il log della scansione è il seguente:

Logfile of HijackThis v1.99.1
Scan saved at 17.08.25, on 07/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\mioengine.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Sara\IMPOST~1\Temp\Rar$EX00.250\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\System32\mouseges.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\System32\apparat.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - C:\WINDOWS\System32\msx.dll (file missing)
O2 - BHO: Web Mon - {878E4122-A213-98AC-355B-3C723F572BA5} - C:\WINDOWS\System32\WebMon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\Sara\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads Mediabar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 499_it.exe
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Programmi\Batty\Batty.dll
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\lpt1.kpq
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogAyx - Unknown owner - \\?\C:\Programmi\Windows NT\nul.exe (file missing)
O23 - Service: LogMzb - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt4.exe (file missing)
O23 - Service: SysVgt - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt8.exe (file missing)
O23 - Service: UpdJxl - Unknown owner - \\?\C:\Programmi\File comuni\Services\nul.exe (file missing)





Questa è la scansione.
Grazie ancora

[Rondinella]

Gmer non riesco a scaricarlo la pagina non la trova avevo già provato.

[Amantide]

GMER lo puoi scaricare qui.

Per quanto riguarda il log di Hijackthis, oltre al ctfmon32.dll che è un trojan.clicker, hai anche il LinkOptimizer. Leggi questa guida sulla sua eliminazione e per prima cosa prova a fare le scansioni con VirIT ed il tool della Prevx.
I log di Gmer postameli lo stesso.

[Rondinella]

il tool di Prevx potrebbe essere questO?


Launching Scan
Removing rootkit file...
Gromozon rootkit component not detected - searching for other components


Removing malicious user's directory
Removing file: "\\?\c:\programmi\file comuni\services\nul.exe"
Removing service: UpdJxl
Scanning: C:\Programmi\File comuni
Scanning Windows Directory...

Scan finished normally
For a detailed log, please refer to \gromozon_removal.log


O devo scaricare il rpgramma.?

[Amantide]

Sisi, è quello.
hai già fatto la scansione con VirIT?

[crazy.cat]

Qualcosa ha trovato, ma ci sono moltissimi altri problemi nel tuo pc.
Scansiona con Virit aggiornato, elimini tutto quello che trova, e poi riposta un log di hijackthis e vediamo cosa è rimasto.

[Rondinella]

povero pc.

La scansione la sta eseguendo.

Molti file non li apre e li sta spostando in una cartella di quarentena.

appena termina vi farò sapere.


Ovviamente un grazie enorme...

[Amantide]

Poveri pc che sta soffrendo per colpa di quelli che li usano.
Procurati il prima possibile un firewall buono, Comodo Firewall o Zone Alarm ed usa Opera o Firefox per navigare al posto di IE.

Dopo aver terminato la scansione con VirIT postami i log di Gmer, temo che qualcosa rimarrà lo stesso.

[Rondinella]

questa è la scansione con virT:


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2007 - 17:51:24

[SCANSIONE DEL REGISTRO]
{03F998B2-0E00-11D3-A498-00104B6EB52E} Infetto da Spyware.ViewPoint.A
* * * RIMOSSO * * *
{FFFF0001-0001-101A-A3C9-08002B2F49FC} Infetto da Trojan.Win32.Dialer.AU
* * * RIMOSSO * * *
{014DA6C9-189F-421a-88CD-07CFE51CFF10} Infetto da BHO.MySearch.C
* * * RIMOSSO * * *
{37B85A21-692B-4205-9CAD-2626E4993404} Infetto da BHO.MyGlobalSearch.A
* * * RIMOSSO * * *
{74CC49F7-EB32-4A08-B204-948962A6E3DB} Infetto da Trojan.Win32.Hotbar.I
* * * RIMOSSO * * *
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Infetto da Adware.FunWeb.C
* * * RIMOSSO * * *
{6001CDF7-6F45-471b-A203-0225615E35A7} Infetto da BHO.Deskwizz.A
* * * RIMOSSO * * *
{994D478A-45D0-4DB4-AE77-288B1E346E99} Infetto da Trojan.Win32.Agent.YK
* * * RIMOSSO * * *
{2ee25147-37d4-4640-832c-fccfac8b21d9} Infetto da BHO.Agent.AR
* * * RIMOSSO * * *
{37B85A29-692B-4205-9CAD-2626E4993404} Infetto da Trojan.Win32.MyGlobalSch.A
* * * RIMOSSO * * *
{4D8603D1-E19F-4DB9-B841-CF0B3AECF967} Infetto da BHO.Duplex.A
* * * RIMOSSO * * *
{14D1A72D-8705-11D8-B120-0040F46CB696} Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
{2a6af021-17a2-4014-8624-cf6015f82fad} Infetto da BHO.Agent.BA
* * * RIMOSSO * * *
{81566074-267F-41e3-A51B-2599A3AC9EC3} Infetto da BHO.MuchoCool.S
* * * RIMOSSO * * *
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
{112AB43D-32C4-3B21-53BA-13A46743BC34} Infetto da BHO.MouseGestures.A
* * * RIMOSSO * * *
{878E4122-A213-98AC-355B-3C723F572BA5} Infetto da BHO.WebQuick.A
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\system32\ntsystem.exe Infetto da Trojan.Win32.Small.NF
* * * RIMOSSO * * *
C:\WINDOWS\system32\mouseges.dll Infetto da BHO.MouseGestures.A
Il file sarà spostato nella cartella di quarantena.
C:\WINDOWS\system32\Runner.dll Infetto da Trojan.Win32.Agent.YK
* * * RIMOSSO * * *
C:\WINDOWS\system32\WebMon.dll Infetto da BHO.WebQuick.A
Il file sarà spostato nella cartella di quarantena.
C:\WINDOWS\Temp\_avast4_\unp115227286.tmp Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\Temp\_avast4_\unp173119511.tmp Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\Temp\_avast4_\unp185116336.tmp Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\Temp\_avast4_\unp109430098.tmp Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\Temp\_avast4_\unp27084277.tmp Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\Temp\_avast4_\unp256941196.tmp Infetto da Trojan.Win32.Small.NE
Il file sarà spostato nella cartella di quarantena.
C:\WINDOWS\soundlib.exe Infetto da Trojan.Win32.Agent.AHB
* * * RIMOSSO * * *
C:\WINDOWS\230171174178.exe Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\176228241166.exe Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\180224255123.exe Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\service32.exe Infetto da Trojan.Win32.Small.NE
Il file sarà spostato nella cartella di quarantena.
C:\Documents and Settings\Sara\Menu Avvio\explorer.lnk Infetto da Trojan.Win32.Agent.SP
* * * RIMOSSO * * *
C:\Documents and Settings\Sara\Preferiti\e1xplorer.lnk Infetto da Trojan.Win32.Agent.SP
* * * RIMOSSO * * *
C:\Documents and Settings\Sara\Preferiti\explorer.lnk Infetto da Trojan.Win32.Agent.SP
* * * RIMOSSO * * *
C:\Documents and Settings\Sara\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\ActiveXComponent.class-601348b1-29665da1.class Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\Programmi\FCAdvice\FCAdvice.dll Infetto da Trojan.Win32.Agent.YK
* * * RIMOSSO * * *
C:\Programmi\Batty\Batty.dll Infetto da Adware.CAS.E
Il file sarà spostato nella cartella di quarantena.
C:\Programmi\MyGlobalSearch\bar\1.bin\MGSBAR.DLL Infetto da Trojan.Win32.MyGlobalSch.A
Il file sarà spostato nella cartella di quarantena.

Chiavi Registro infette: 17.
Files Infetti: 22.
Files Sospetti: 0.
Files Analizzati: 56111.
Files Totali: 56111.
Chiavi Registro rimosse: 17.
Virus Rimossi: 16.

Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.


Riavvio??

[Amantide]

Riavvii si!

Mamma mia, il tuo povero pc era veramente mal ridotto... un sogno per i collezionisti dei virus

Rifai un altra scansione con VirIt dalla modalità provvisoria, si accede premendo F8 all'avvio.

[Rondinella]

Scansione eseguita con Hijack


Logfile of HijackThis v1.99.1
Scan saved at 21.22.57, on 07/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\mioengine.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Sara\IMPOST~1\Temp\Rar$EX00.375\HijackThis.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Sara\IMPOST~1\Temp\Rar$EX00.376\HijackThis.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Sara\IMPOST~1\Temp\Rar$EX00.328\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\Sara\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads Mediabar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Programmi\Batty\Batty.dll
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\lpt1.kpq
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe


Va meglio secondo voi??

Ora provo con gmer ma è piu lenta.

[Amantide]

Hai già fatto la scansione con VirIT in modalità provvisoria?
Io intanto aspetto i log di Gmer.

[Rondinella]

si l'ho fatta e ne ha beccato altri 6. Non so cosa devo copiare e come si fa per germer.
Ci sono ci 8 voci cioè

Processes, MOdules, Services, Autostart,Rootkit,CMD,Setting e Log.

Cosa devo postare, cioè qual è la scansione da postarvi qua????

[Amantide]

Veramente l'avevo già scritto

Più che il log di Hijackthis posta i log di scansione con Gmer delle sezioni Autostart e Rootkit.

Premi Scan per fare la scansione ed a scansione terminata clicca su Copy e poi incolla qui.

[Rondinella]

Si scusaEcco la scansione con autosta, poi ti psto l'altra


GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-08 15:35:50
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,userinit.exe
Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\lpt1.kpq

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
cisvc /*Servizio di indicizzazione*/@ = C:\WINDOWS\System32\cisvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EPSON Stylus C46 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background r = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background r

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CoreShellAgent@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/x-bt2@CLSID = {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} /*file not found*/
text/html@CLSID = C:\Programmi\Batty\Batty.dll /*file not found*/
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
bt2@CLSID = {1730B77B-F429-498f-9B15-4514D83C8294} /*file not found*/
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Sara\Menu Avvio\Programmi\Esecuzione automatica = My 190.it.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk

---- EOF - GMER 1.0.12 ----

[Amantide]

Ecco la scansione con autosta, poi ti psto l'altra

Allora aspetto il log di Rootkit

[Rondinella]

Mi sembra strano che sia cosi corta ti ho postato anche il log dell Autostart corrispondente che è piu lungo ( comunque ora provo a fare un'altra scansione):

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-08 16:30:41
Windows 5.1.2600


---- User code sections - GMER 1.0.12 ----

.text C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE[1756] kernel32.dll!SetUnhandledExceptionFilter 77E79287 9 Bytes JMP 00519258 C:\Programmi\MSN Messenger\msnmsgr.exe

---- Devices - GMER 1.0.12 ----

Device \Driver\USB_RNDIS \Device\{114968D6-BECC-4D86-BEC3-5AD90871A477} IRP_MJ_PNP [F88374B6] RNDISMP.SYS

---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-08 16:31:25
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = c:\windows\system32\userinit.exe,userinit.exe
Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\lpt1.kpq

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
cisvc /*Servizio di indicizzazione*/@ = C:\WINDOWS\System32\cisvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EPSON Stylus C46 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background r = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background r

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CoreShellAgent@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/x-bt2@CLSID = {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} /*file not found*/
text/html@CLSID = C:\Programmi\Batty\Batty.dll /*file not found*/
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
bt2@CLSID = {1730B77B-F429-498f-9B15-4514D83C8294} /*file not found*/
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Sara\Menu Avvio\Programmi\Esecuzione automatica = My 190.it.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk

---- EOF - GMER 1.0.12 ----