veniamo al dunque.. credo di aver preso un bagle..
Premetto che :
- Hijackthis mi ha cancellato (o fixato ) 3 voci che piu' o meno suonavano cosi'(non mi ricordo di preciso) : wintems.exe , hidr.exe
e hdlrr.exe
- poi ho lanciato GMER che non mi ha evidenziato voci in rosso
- ho trovato 2 file che avevano "wintems" nel nome in C:\windows e li ho cancellati
- ho lanciato il task manager e i processi con i nomi di cui sopra non c'erano piu'
- file di log non c'enerano in GMER (o forse non sono riuscito a trovarli io)
e quindi Avenger non ha funzionato.
Forse sono riuscito a risolvere il problema..non so, Help!, comunque per adesso problemi di sistema non ne ho
Aggiungo la scansione dell'autostart , spero che qualcuno mi dica qualcosa di piu'...
ciao a tutti .. spero di poter ringraziare qualche "collega" di forum
GMER 1.0.12.12244 - http://www.gmer.net
Autostart scan 2007-06-23 20:09:30
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
C-DillaCdaC11BA /*C-DillaCdaC11BA*/@ = C:\WINDOWS\system32\drivers\CDAC11BA.EXE
CLTNetCnService /*Symantec Lic NetConnect service*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hpsysdrvc:\windows\system\hpsysdrv.exe = c:\windows\system\hpsysdrv.exe
@RecguardC:\WINDOWS\SMINST\RECGUARD.EXE = C:\WINDOWS\SMINST\RECGUARD.EXE
@VTTimerVTTimer.exe /*file not found*/ = VTTimer.exe /*file not found*/
@SiS Windows KeyHookC:\WINDOWS\system32\keyhook.exe = C:\WINDOWS\system32\keyhook.exe
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@PS2C:\WINDOWS\system32\ps2.exe = C:\WINDOWS\system32\ps2.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@AlcxMonitorALCXMNTR.EXE = ALCXMNTR.EXE
@CnxDslTaskBar"C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" = "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Acme.PCHButtonC:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe = C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@supervisor.exeC:\WINDOWS\supervisor.exe /*file not found*/ = C:\WINDOWS\supervisor.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/(null) =
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\olkfstub.dll = C:\Programmi\Microsoft Office\Office\olkfstub.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
@{EBDF1F20-C829-11D1-8233-0020AF3E97A6} /*ATS Context Menu Shell Extension*/(null) =
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ContMenu@{EBDF1F20-C829-11D1-8233-0020AF3E97A6} =
ZipGenius 6@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ContMenu@{EBDF1F20-C829-11D1-8233-0020AF3E97A6} =
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q404&bd=presario&pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
cetihpz@CLSID = C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF8D2DE2-92BD-4E70-A85B-963288CAA377} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress =
@NameServer =
@DefaultGateway =
@Domain =
C:\Documents and Settings\Compaq_Proprietario\Menu Avvio\Programmi\Esecuzione automatica = wkcalrem.LNK
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio Office.lnk
---- EOF - GMER 1.0.12 ----