Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Linkoptimizer - Aiuto esecuzione Guida di BilloKenobi

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Linkoptimizer - Aiuto esecuzione Guida di BilloKenobi

Messaggioda lamiah » gio nov 02, 2006 1:42 pm

Poiché mi è stato diagnosticato il virus LinkOptimizer, sto attuando la guida in merito di BilloKenobi (il sospetto circa l’infezione veniva da stringhe di questo tipo rilevate con HijackThis:

C:\WINDOWS\System32\STDSB.exe
1.EXE
C:\WINDOWS\Temp\djwt1.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {EF262353-4C15-3EBE-40CD-45B4A5B8B5AA} - C:\WINDOWS\ofllt1.dll (file missing)
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [djwt6.exe] C:\WINDOWS\Temp\djwt6.exe
O4 - HKLM\..\Run: [djwt1.exe] C:\WINDOWS\Temp\djwt1.exe)

Preliminarmente, ieri sera ho scaricato Vir.it e l'ho avviato. Mi ha trovato ed elimato dei virus, poi, poco dopo che operava, una finestra ha detto che si è riscontrato un problema e l'applicazione verrà chiusa! stamattina idem e sono passata alla rimozione manuale.
Prima di operare, visto che alcuni file sospetti (djwt6-djwt1-STDSB) si eseguivano all'avvio di windows, per impedire questo su suggerimento di un esperto di un altro firum ho proceduto così: Esegui-msconfig-Avvio-ho spuntato le voci di qui file-applica-riavvio computer.

Avviato nuovamente il pc, ho attuato i punti 1-2-3 della guida di BilloKenobi.
(punto 1: Myuninstaller non ha trovato le voci LinkOptimizer o ConnectionServices;
punto 2: Star - - > Esegui - -> control userpasswords2: non ho trovato utenze sospette;
punto 3: in C\Documents and Settings ho trovato una cartella con questo nome EVnehYGHCgIc, mi è parsa sospetta e l’ho eliminata).

Ora sono al punto 4 e non so come usare Avenger (che ho preso dal file zip messo a disposizione nelle pagine dell’articolo a LinkOptimizer e che miracolosamente oggi riesce ad aprirsi).
Nella sua guida, Billokenobi dice, a proposito dello “script” di Avenger, di farsi aiutare dagli esperti del forum, postando i log di Gmer.
Purtroppo Gmer (che ho preso sempre dal file zip disponibile nell’articolo a LinkOptimizer) mi ha fatto solo lo scan di Autostart, il cui log posto di seguito, mentre non mi fa fare lo scan di Rootkit, perché mentre lo esegue mi dice che si è verificato un errore e l’applicazione verrà chiusa!

Magari posto, dopo il log di Gmer, anche quello di Hijackthis relativo allo scan fatto dopo aver eseguito i primi 3 punti dalla guida rimozione di BilloKenobi.

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-11-02 10:16:42
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Avast4\ashServ.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NOD32krn /*NOD32 Kernel Service*/@ = C:\Programmi\Eset\nod32krn.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@nod32kuiC:\Programmi\Eset\nod32kui.exe /WAITSERVICE = C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
@InstantAccessC:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h = C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
@RegisterDropHandlerC:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
@EPSON Stylus C46 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@NWEReboot /*file not found*/ = /*file not found*/
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@CloneCDTray"C:\Programmi\CloneCD\CloneCDTray.exe" /s = "C:\Programmi\CloneCD\CloneCDTray.exe" /s
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@HP Software UpdateC:\Programmi\HP\HP Software Update\HPWuSchd2.exe = C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
@avast!C:\PROGRA~1\Avast4\ashDisp.exe = C:\PROGRA~1\Avast4\ashDisp.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@CnxDslTaskBar"C:\Programmi\FlyNet\CnxDslTb.exe" = "C:\Programmi\FlyNet\CnxDslTb.exe"
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
RunServices@RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MoneyAgent"C:\Programmi\Microsoft Money\System\Money Express.exe" = "C:\Programmi\Microsoft Money\System\Money Express.exe"
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@U.S. Robotics USB PhoneC:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe = C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/ = C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{990a81a0-b289-11cf-a800-00a0c903a2a6} /*Cryptext*/C:\WINDOWS\System32\ShellExt\Cryptext.dll = C:\WINDOWS\System32\ShellExt\Cryptext.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} /*ShellPlusContextMenu*/C:\WINDOWS\system32\B4FM.dll /*file not found*/ = C:\WINDOWS\system32\B4FM.dll /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Avast4\ashShell.dll = C:\Programmi\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Avast4\ashShell.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll
@{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}C:\WINDOWS\ofllt1.dll /*file not found*/ = C:\WINDOWS\ofllt1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.beppegrillo.it/ = http://www.beppegrillo.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = imon.dll

C:\Documents and Settings\Amelia\Menu Avvio\Programmi\Esecuzione automatica = reminder-Registrazione del prodotto Scansoft.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.exe.lnk = Adobe Gamma Loader.exe.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Post-it® Software Notes Lite.lnk = Post-it® Software Notes Lite.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.11 ----GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-11-02 10:16:42
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Avast4\ashServ.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NOD32krn /*NOD32 Kernel Service*/@ = C:\Programmi\Eset\nod32krn.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@nod32kuiC:\Programmi\Eset\nod32kui.exe /WAITSERVICE = C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
@InstantAccessC:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h = C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
@RegisterDropHandlerC:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
@EPSON Stylus C46 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@NWEReboot /*file not found*/ = /*file not found*/
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@CloneCDTray"C:\Programmi\CloneCD\CloneCDTray.exe" /s = "C:\Programmi\CloneCD\CloneCDTray.exe" /s
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@HP Software UpdateC:\Programmi\HP\HP Software Update\HPWuSchd2.exe = C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
@avast!C:\PROGRA~1\Avast4\ashDisp.exe = C:\PROGRA~1\Avast4\ashDisp.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@CnxDslTaskBar"C:\Programmi\FlyNet\CnxDslTb.exe" = "C:\Programmi\FlyNet\CnxDslTb.exe"
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
RunServices@RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MoneyAgent"C:\Programmi\Microsoft Money\System\Money Express.exe" = "C:\Programmi\Microsoft Money\System\Money Express.exe"
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@U.S. Robotics USB PhoneC:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe = C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/ = C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{990a81a0-b289-11cf-a800-00a0c903a2a6} /*Cryptext*/C:\WINDOWS\System32\ShellExt\Cryptext.dll = C:\WINDOWS\System32\ShellExt\Cryptext.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} /*ShellPlusContextMenu*/C:\WINDOWS\system32\B4FM.dll /*file not found*/ = C:\WINDOWS\system32\B4FM.dll /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Avast4\ashShell.dll = C:\Programmi\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Avast4\ashShell.dll
Cryptext@{990a81a0-b289-11cf-a800-00a0c903a2a6} = C:\WINDOWS\System32\ShellExt\Cryptext.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll
@{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}C:\WINDOWS\ofllt1.dll /*file not found*/ = C:\WINDOWS\ofllt1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.beppegrillo.it/ = http://www.beppegrillo.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@PackedCatalogItem = imon.dll

C:\Documents and Settings\Amelia\Menu Avvio\Programmi\Esecuzione automatica = reminder-Registrazione del prodotto Scansoft.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.exe.lnk = Adobe Gamma Loader.exe.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Post-it® Software Notes Lite.lnk = Post-it® Software Notes Lite.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.11 ----


Logfile of HijackThis v1.99.1
Scan saved at 11.12.34, on 02/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avast4\aswUpdSv.exe
C:\Programmi\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Avast4\ashMaiSv.exe
C:\Programmi\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\CloneCD\CloneCDTray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\TextBridge Pro 8.0\Ereg\REMIND32.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Applicazioni programmi - aggiornato al 15-10-2006\_AA_v_e_n_g_h_e_r.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Applicazioni programmi - aggiornato al 15-10-2006\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Class - {EF262353-4C15-3EBE-40CD-45B4A5B8B5AA} - C:\WINDOWS\ofllt1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Programmi\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [U.S. Robotics USB Phone] C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: reminder-Registrazione del prodotto Scansoft.lnk = C:\Programmi\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Programmi\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8001352124
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2070113950
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe



Allora cosa faccio ora con Avenger ?

Grazie infinite per la pazienza!!!
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda BilloKenobi » gio nov 02, 2006 2:12 pm

i log sono essenzialmente puliti...

disattiva l'antivirus, il firewall, eventuali moduli hips

Ora estrai e avvia Avenger.exe

Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\ofllt1.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (che si trova in C:\avenger.txt) con l´esito dello script.

poi prova a far girare questo tool... se non funziona, prova a rinominarlo con un nome casuale, tipo sedia.exe

http://www.mytempdir.com/1012500

una volta che l'hai fatto girare, posta il log che rilascia in C:\gromozon_removal.log

facci sapere, ciao
Begun the Clone War has
Avatar utente
BilloKenobi
Senior Member
Senior Member
 
Messaggi: 453
Iscritto il: gio ago 10, 2006 11:06 am

Messaggioda lamiah » gio nov 02, 2006 4:30 pm

Grazie BilloKenobi.
Una domanda in merito allo script di Avnger.

Il log di HijackThis del mio post sopra riguarda lo scan fatto dopo che, acceso stamattina il computer, prima di ogni altra operazione, ho tolto dall’avvio automatico i file sospetti djwt1.exe, djwt6.exe, STDSB.exe (rilevati con una precedente scansione di HijackThis) così facendo:
Start – Esegui – msconfig – Avvio – Ho tolto la spunta ai suddetti file – applica – Riavvio computer.

Dopo che il computer si è riavviato, i file non sono stati eseguiti automaticamente all’avvio, e infatti, facendo un nuovo scan con HijackThis (quello riportato nel mio post sopra) non risultano le voci:
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [djwt6.exe] C:\WINDOWS\Temp\djwt6.exe
O4 - HKLM\..\Run: [djwt1.exe] C:\WINDOWS\Temp\djwt1.exe

I file sono comunque presenti, precisamente in C:\WINDOWS\Temp e C:\WINDOWS\System32

Pertanto, ti chiedo, nello script di Avanger devo aggiungerli?
Potrebbe essere dunque questo lo script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\ofllt1.dll
C:\WINDOWS\Temp\djwt1.exe
C:\WINDOWS\Temp\djwt6.exe
C:\WINDOWS\System32\STDSB.exe

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}

Grazie!!!
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm


Messaggioda Amantide » gio nov 02, 2006 4:52 pm

Si, devi aggiungere anche questi file. Già che ci sei, vedi se nelle cartelle C:\Programmi\File comuni\System Services e Microsoft Shared c'è qualche file di colore verde. Se li trovi, anche loro sono da aggiungere nello script di Avenger.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda lamiah » gio nov 02, 2006 5:17 pm

Grazie anche ad Amantide.

Allora inserisco questo script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\ofllt1.dll
C:\WINDOWS\Temp\djwt1.exe
C:\WINDOWS\Temp\djwt6.exe
C:\WINDOWS\System32\STDSB.exe

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}


Circa i file verdi, stamattina dopo le fasi 1-2-3 della Guida, non sapendo come usare Avenger, sono passata alla 5: ne ho trovati 2 in C:\Programmi\File comuni\System e li ho eliminati con la tool di Nod32, come specificato nella Guida e ora non ci sono più. Ho fatto bene?


Un'ultima cosa. HijackThis mi riporta anche queste stringhe:

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe


I valori dove c'è Unknower owner credo siano sospetti, vero? Devo eliminare anche questi con Avenger?
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda crazy.cat » gio nov 02, 2006 5:25 pm

lamiah ha scritto:I valori dove c'è Unknower owner credo siano sospetti, vero? Devo eliminare anche questi con Avenger?

No, è un buco di hijackthis, vanno bene così.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Amantide » gio nov 02, 2006 5:29 pm

lamiah ha scritto:Circa i file verdi, stamattina dopo le fasi 1-2-3 della Guida, non sapendo come usare Avenger, sono passata alla 5: ne ho trovati 2 in C:\Programmi\File comuni\System e li ho eliminati con la tool di Nod32, come specificato nella Guida e ora non ci sono più. Ho fatto bene?

Hai fatto benissimo [8D]
Dopo aver eseguito lo script di Avenger, fai una ripassatina con i tools di rimozione della Prevx e della Symantec. Il tool della Symantec deve essere eseguito dalla modalità provvisoria. E già che ci sei, fai anche un altra scansione con VirIt, questa volta però dalla modalità provisoria.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda lamiah » gio nov 02, 2006 5:48 pm

Dove posso prendere la tool della Prevx?
Quella Symantec l'ho estratta dal file zip messo a disposizione qui http://www.MegaLab.it/3236 ma fino a ieri sera non c'era modo di farla partire. speriamo ora.
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda Amantide » gio nov 02, 2006 6:06 pm

lamiah ha scritto:Dove posso prendere la tool della Prevx?
.

http://www.prevx.com/gromozon.asp
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda lamiah » gio nov 02, 2006 6:49 pm

Faccio tutto e poi vi aggiorno!
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda lamiah » gio nov 02, 2006 10:33 pm

Dunque, ho utilizzato Avenger con lo script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\ofllt1.dll
C:\WINDOWS\Temp\djwt1.exe
C:\WINDOWS\Temp\djwt6.exe
C:\WINDOWS\System32\STDSB.exe

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF262353-4C15-3EBE-40CD-45B4A5B8B5AA}

Poi il computer si è riavviato da solo.

Appena caricato, si è verificato ciò:

1) si aperta una finestra dal nome “C\Windows\system32\cnd.exe” avente lo sfondo nero e con dentro queste scritte bianche:
C:\ avenger\1.reg
C:\ avenger\2.reg
1 file copiati
zip warning: C:/backup.rip not found or empty
adding: avenger/avenger.txt (188 bytes securety) (deflated 72%)
adding: avenger/backup.reg (188 bytes securety) (deflated 41%)
adding: avenger/djwt1.exe (136 bytes securety) (deflated 7%)
adding: avenger/STDSB.exe (152 bytes securety) (deflated 64%)

2) si è aperta contemporaneamente quest’altra finestra:
“Windows – Disco non presente
Impossibile trovare il disco nell’unità.
Inserire il disco nell’unità”.

3) Il file C:\avenger.txt, con il log di Avenger, si apre ma è un’accozzaglia di segni incomprensibili.
Ho pensato che fosse perché il mio Blocco note non funziona bene; ma ho usato anche PSPad editor e word ed è la stessa cosa.
Che fare?

4) Qui (http://www.MegaLab.it/2615) si dice di eliminare la cartella di backup creata da Avenger, che si trova in C:\avenger, inserendo in Start - - > Esegui il comando:
del \\.\c:\avenger
A me non consente l’eliminazione dicendo che il file “del” non può essere trovato!
Che fare?

Ancora grazie per la pazienza!
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda Amantide » ven nov 03, 2006 8:51 am

lamiah ha scritto:4) Qui (http://www.MegaLab.it/2615) si dice di eliminare la cartella di backup creata da Avenger, che si trova in C:\avenger, inserendo in Start - - > Esegui il comando:
del \\.\c:\avenger
A me non consente l’eliminazione dicendo che il file “del” non può essere trovato!
Che fare?

Chiedo venia, colpa mia [:I] [banned?]
Avevo perso un passaggio, anziche Start--> Esegui è Start--> Esegui--> cmd. Il comando va eseguito nel Prompt dei comandi.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda lamiah » dom nov 05, 2006 10:05 pm

Dunque, dopo Avenger, ho utilizzato la tool della Prevx, poi, in modalità provvisoria, quella della Symantec.
Ho fatto, inoltre, la scansione con VirIt e, per abbondare, anche con Ad-AWare (che ha trovato 2 riferimenti a LinkOptimizer).
Alla fine ho attuato l’ultimo punto della guida:
Start – Esegui – regedit - trovare e cancellare tutte le voci relative ai nomi random, alle clsid random, a Linkoptimizer o Connectionservices (le ho scovate ed eliminate).

Vi posto i vari log, e alla fine quello di Hijackthis.


1) Tool Prevx:

Gromozon rootkit component not detected - searching for other components
Scanning: C:\Programmi\File comuni
Scanning Windows Directory...
Scanning Temporary files...
Trojan.Gromozon does not exist on the system.


2) Tool Symantec:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group

Trojan.Linkoptimizer has not been found on your computer.


3) Log Ad-ware con riferimento a LinkOptimizer:


Ad-Aware SE Build 1.06r1
File registro creato il:domenica 5 novembre 2006 13.44.18
Created with Ad-Aware SE Personal, free for private use.
File delle definizioni in uso:SE1R129 26.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Riferimenti rilevati durante la scansione
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.LinkOptimizer(Indice TAC:4):2 riferimenti totali
MRU List(Indice TAC:0):14 riferimenti totali
Tracking Cookie(Indice TAC:3):4 riferimenti totali
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

05-11-2006 13.44.18 - Scansione avviata (scansione completa del sistema).

(omissis)

Scansione del registro di sistema avviata
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.LinkOptimizer Oggetto riconosciuto!
Tipo : RegKey
Dati :
Valutazione TAC : 4
Categoria : Malware
Commento :
RootKey : HKEY_CLASSES_ROOT
Oggetto : clsid\{e3a77057-d10b-b02a-d823-22e020c583b5}

Risultati della scansione del registro di sistema:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Oggetti critici nuovi: 1
Oggetti rilevati: 15


Scansioni condizionali in corso...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.LinkOptimizer Oggetto riconosciuto!
Tipo : RegKey
Dati :
Valutazione TAC : 4
Categoria : Malware
Commento :
RootKey : HKEY_LOCAL_MACHINE
Oggetto : software\microsoft\internet explorer\urlsearchhooks

Risultati delle scansioni condizionali:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Oggetti critici nuovi: 1
Oggetti rilevati: 20



4) Log Hijackthis dopo pulizia:

Logfile of HijackThis v1.99.1
Scan saved at 21.54.41, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avast4\aswUpdSv.exe
C:\Programmi\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Avast4\ashMaiSv.exe
C:\Programmi\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\CloneCD\CloneCDTray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\TextBridge Pro 8.0\Ereg\REMIND32.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Applicazioni programmi - aggiornato al 15-10-2006\HijackThis e simili\gmer.exe
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avast4\setup\avast.setup
C:\Programmi\Applicazioni programmi - aggiornato al 15-10-2006\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beppegrillo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Programmi\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [U.S. Robotics USB Phone] C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: reminder-Registrazione del prodotto Scansoft.lnk = C:\Programmi\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Programmi\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8001352124
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2070113950
O17 - HKLM\System\CCS\Services\Tcpip\..\{385F5F6D-ABD2-4012-B0C6-1FF1188317F6}: NameServer = 85.37.17.51 85.38.28.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{385F5F6D-ABD2-4012-B0C6-1FF1188317F6}: NameServer = 85.37.17.51 85.38.28.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe


Che ne pensate?

Inoltre, posso ora riabilitare il ripristino configurazione di sistema?

Grazie.
Avatar utente
lamiah
Neo Iscritto
Neo Iscritto
 
Messaggi: 7
Iscritto il: gio nov 02, 2006 1:19 pm

Messaggioda BilloKenobi » dom nov 05, 2006 10:35 pm

direi proprio di sì [:-D]
Begun the Clone War has
Avatar utente
BilloKenobi
Senior Member
Senior Member
 
Messaggi: 453
Iscritto il: gio ago 10, 2006 11:06 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising