Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

I Programmi di sicurezza si cancellano

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

I Programmi di sicurezza si cancellano

Messaggioda manero478 » dom gen 07, 2007 5:33 pm

sono stato sicuramente infettato..non so' da cosa...
questa infezione mi ha cancellato tutti gli eseguibili sia dell'antivirus che dello spyware...di AVG...
piu' anche spyware&detroy....
i quali pur riprovando a reinstallarli...non vanno...perche' appena installati ilvirus CANCELLA subito gli eseguibili...
che che abbia colpito IEXPLORER, infatti pur non eseguendolo sta ne taskmanager, ma ad intermittenza...
cioe' va' e viene...
ho provato a fare delle scansioni on line...ma non riesco a finirne una..
perche richiedendo IEXPLORER ( ma mi e' successo anche con firefox)..
ad un certo punto si chiude...e non pulisce nulla..
COSA POSSO FARE?????
La cosa e' urgente....grazie..
ah! ho fatto HijackThis.exe, ma il controllo sul sito http://www.hijackthis.de/it
mi da' che tutto cio che sta girando e sicuro.....
grazie per l'aiuto...
manero
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Messaggioda crazy.cat » dom gen 07, 2007 5:48 pm

Fai vedere quel log qui in ogni caso, dell'analisi in automatico non c'è da fidarsi.

Prova a farti poi una scansione dalla modalità provvisoria con uno di questi antivirus che non sono neanche da installare.
http://www.MegaLab.it/2333
http://www.MegaLab.it/2349

Mettiamo dei titoli alla discussione più decenti....
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

allego logo ....

Messaggioda manero478 » dom gen 07, 2007 5:57 pm

si scusa e grazie per il tempismo..di seguito il logo..scusa non so se l'ha caricato..te lo posto di seguito...
Logfile of HijackThis v1.99.1
Scan saved at 16.55.15, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gilberto\Desktop\Caccia ai VIRUS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [E06IXLRD_174203625] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gillo-cesa.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0687702203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1125734250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81FE3E7-9662-44FE-8239-83A661227574}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm


Messaggioda Amantide » dom gen 07, 2007 6:01 pm

Crazy.cat, difficilmente riuscira ad usare i programmi da te segnalati, quel virus che ha elimina i file exe di praticamente tutti programmi di sicurezza.

@ manero

Leggi intanto questa discussione, ci sono 2 casi identici al tuo.
Per fare prima puoi eseguire direttamente questo script con Avenger, sostituendo X con la lettera dell' unità su quale è installato il sistema operativo, es C.
Files to delete:
X:\WINDOWS\system32\hldrrr.exe
X:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
X:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys
X:\Windows\System32\wintems.exe

folders to delete:
X:\Documents and Settings\Administrator\Dati applicazioni\hidires

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | NWEReboot

registry keys to delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
HKEY_CURRENT_USER\Software\FirstRRRun


Per sicurezza comunque puoi postare i log della scansione con Gmer delle sezioni Autostart e Rootkit.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

seguito...

Messaggioda manero478 » dom gen 07, 2007 7:10 pm

allora prima cosa non parte in modalita' provvisoria...ho provato sia con f8
che con msconfig..anzi cosi' dato che non entrava in mod.provvisoria..andava in loop e non entravo piu'..
ho dovuto mettere il cd di win xp..e nadare lla modalita propt da li'...poi ho rinominato il file boot.ini e sono riuscito ad entrare..
avevo dato il comando sdat4933.exe /e
e ho eseguito anche McAfee Stinger 2.6.0
ma non ho visto benefici...

ho provato a prendere sia avenger che gmer ma stranamente non me li fa' scaricare...
che faccio???

grazie
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Messaggioda Amantide » dom gen 07, 2007 7:13 pm

Scaricali da qui
http://www.MegaLab.it/3236
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

script avenger non va'...

Messaggioda manero478 » dom gen 07, 2007 7:32 pm

ho eseguito questo script :
C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\Administrator\Dati applicazioni\hidires\hidr.exe
C:\Documents and Settings\Administrator\Dati applicazioni\hidires\m_hook.sys
C:\Windows\System32\wintems.exe

folders to delete:
C:\Documents and Settings\Gilberto\Dati applicazioni\hidires

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | NWEReboot

registry keys to delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
HKEY_CURRENT_USER\Software\FirstRRRun

mi dava degli errori..poi e' ripartito..ha fatto dei controlli..o non so cosa..e questo e' il log dell'esecuzione:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 5
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 5
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\FirstRRRun


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ghybjsaa

*******************

Script file located at: hovjubdk

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
---------------------
nel frattempo il file IEXPLORER PARTE E SI CHIUDE IN CONTINUAZIONE..

grazie
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Messaggioda Amantide » dom gen 07, 2007 7:36 pm

Sembra che Avenger non sia riuscito ad eseguire lo script. Fai la scansione con Gmer delle sezioni Autostart e Rootkit e posta qui i log.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

intanto gmer in autostart...

Messaggioda manero478 » dom gen 07, 2007 7:52 pm

ti mando questo intanto..perche il root kit sembra non finire mai..

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2007-01-07 18:47:13
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
clr_optimization_v2.0.50727_32 /*.NET Runtime Optimization Service v2.0.50727_X86*/@ = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MSSQL$PINNACLESYS /*MSSQL$PINNACLESYS*/@ = "C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PinnacleSys.MediaServer /*Pinnacle Systems Media Service*/@ = "C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@SNPSTD2C:\WINDOWS\vsnpstd2.exe = C:\WINDOWS\vsnpstd2.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Collegamento alla pagina delle propriet? di High Definition Audio(null) =
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@PMCRemoteC:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@PMCS"C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug = "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
@PinnacleDriverCheckC:\WINDOWS\system32\\PSDrvCheck.exe = C:\WINDOWS\system32\\PSDrvCheck.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@E06IXLRD_174203625"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@drvsyskitC:\Documents and Settings\Gilberto\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\Gilberto\Dati applicazioni\hidires\hidr.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@{EC25E83C-0C8B-1040-0616-050516050027} = "C:\Programmi\File comuni\{EC25E83C-0C8B-1040-0616-050516050027}\Update.exe" te-110-12-0000073 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 DragDrop Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Property Sheet Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{83D96563-DB11-42DF-92F9-32CE7BA54ED8} /*Altova Shortcut Drop Handler*/C:\WINDOWS\system32\LinkDropHandler.dll = C:\WINDOWS\system32\LinkDropHandler.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0000CC75-ACF3-4cac-A0A9-DD3868E06852}C:\Programmi\DAP\DAPBHO.DLL = C:\Programmi\DAP\DAPBHO.DLL
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{955BE0B8-BC85-4CAF-856E-8E0D8B610560}C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL = C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.11 ----

ciao e grazie
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

scusa ma il rootkit sta diventando enorme..

Messaggioda manero478 » dom gen 07, 2007 8:12 pm

si rootkit non e' ancora finito....e sta diventando lunghissimo..lo posto cosi' comunque alla fine??

ciao
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Re: scusa ma il rootkit sta diventando enorme..

Messaggioda Amantide » dom gen 07, 2007 8:14 pm

manero478 ha scritto:si rootkit non e' ancora finito....e sta diventando lunghissimo..lo posto cosi' comunque alla fine??

ciao

Prova a farlo dalla modalità provvisoria se ci riesci o perlomeno disconnesso da internet e con tutti i programmi chiusi, antivirus, firewall ecc.

Io intanto ti "sforno" lo script.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Amantide » dom gen 07, 2007 8:17 pm

*edit*
Lascia stare il log di Rootkit ed esegui prima questo script.

Avevo commesso un errore ridicolo, mi ero scordata che questo virus si installa nella cartella d'utente ed ognuno ha il nome suo di quella cartella. In sostanza lo script è uguale, devo solo cambiare qualche parola. Assicurati di eseguire lo script da un account con i privileggi di amministratore.

Files to delete:
C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\Gilberto\Dati applicazioni\hidires\hidr.exe
C:\Documents and Settings\Gilberto\Dati applicazioni\hidires\m_hook.sys
C:\Windows\System32\wintems.exe

folders to delete:
C:\Documents and Settings\Gilberto\Dati applicazioni\hidires

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | german.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

rieccomi..

Messaggioda manero478 » dom gen 07, 2007 9:42 pm

allora il rootkit l'ho comunque finito..poi mi dici se te lo devo postare...

ho provato ad eseguire avenger con il nuovo script ma mi da' sempre errore :
Sytax error in line--does not appear to be a valid regitry path. line will be ignored.

che faccio???
[cry+]
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Re: rieccomi..

Messaggioda Amantide » dom gen 07, 2007 9:48 pm

manero478 ha scritto:allora il rootkit l'ho comunque finito..poi mi dici se te lo devo postare...

ho provato ad eseguire avenger con il nuovo script ma mi da' sempre errore :
Sytax error in line--does not appear to be a valid regitry path. line will be ignored.

che faccio???
[cry+]

Questo è continua guerra che ho io con Avenger e le chiavi in HKCU, non le vuole eliminare.
Finche da quell'errore non è molto grave, importante è che esegue il resto dello script. Dopo aver ricevuto quell'errore il computer si è riavviato? Hai provato a riavviarlo tu? L'account su quale ti trovi ha i privileggi di amministratore? Prova ad eseguire lo script disconnesso dal internet e con tutti i programmi chiusi, oppure dalla modalità provvisoria.
Postami anche il log che trovi in C:\Avenger
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

esito avenger

Messaggioda manero478 » dom gen 07, 2007 10:39 pm

allora questo e' il log: mi da' l'inpressione che l'ho fatto due volte..boh! :
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | german.exe


Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\axcangmo

*******************

Script file located at: \??\C:\WINDOWS\system32\wemtwhhw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\Gilberto\Dati applicazioni\hidires deleted successfully.
Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cidacuub

*******************

Script file located at: \??\C:\ticcpldq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Documents and Settings\Gilberto\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\Gilberto\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\Gilberto\Dati applicazioni\hidires
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

NOTA:
IEXPLORER CONTINUA AD APRIRSI E CHIUDERSI...
ciao grazie ancora..
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

aggiunta...

Messaggioda manero478 » dom gen 07, 2007 10:40 pm

ho notato dal task manager che il file hldrrr e' in esecuzione.
ciao
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Re: aggiunta...

Messaggioda Amantide » dom gen 07, 2007 10:47 pm

manero478 ha scritto:ho notato dal task manager che il file hldrrr e' in esecuzione.
ciao

Si, infatti non è stato eliminato da Avenger. Prova ad eliminare questi file dalla modalità provvisoria o con aiuto di Unlocker.
C:\WINDOWS\system32\hldrrr.exe
C:\Windows\System32\wintems.exe

Dopo apri il registro, Start --> Esegui --> regedit --> Ok
Espandi le voci fino ad arrivare a HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
nella scheda a destra trova ed elimina questi valori (Tasto destro--> Elimina) :
hldrrr
german.exe
drvsyskit
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

eureka!!!!!!!!!!

Messaggioda manero478 » dom gen 07, 2007 11:53 pm

allora sembra che tutto si sia risolto...
ho reinstallato antivirus e antispyware..e adesso vanno..
speriamo che li hanno aggiornati per non far rientrare il virus...mah!
adesso mi e' rimasto il fatto che non ne vuol sapere di ripartire in modalita' provvisoria..ma ci penso damani..
adesso ti rigrazio per il tempo che mi hai dedicato..
e ti allego per sicurezza l'ultimo gmer autostart:
GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2007-01-07 22:51:30
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
clr_optimization_v2.0.50727_32 /*.NET Runtime Optimization Service v2.0.50727_X86*/@ = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MSSQL$PINNACLESYS /*MSSQL$PINNACLESYS*/@ = "C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PinnacleSys.MediaServer /*Pinnacle Systems Media Service*/@ = "C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@SNPSTD2C:\WINDOWS\vsnpstd2.exe = C:\WINDOWS\vsnpstd2.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Collegamento alla pagina delle propriet? di High Definition Audio(null) =
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@PMCRemoteC:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@PMCS"C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug = "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
@PinnacleDriverCheckC:\WINDOWS\system32\\PSDrvCheck.exe = C:\WINDOWS\system32\\PSDrvCheck.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@E06IXLRD_174203625 = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@{EC25E83C-0C8B-1040-0616-050516050027} = "C:\Programmi\File comuni\{EC25E83C-0C8B-1040-0616-050516050027}\Update.exe" te-110-12-0000073 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 DragDrop Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Property Sheet Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{83D96563-DB11-42DF-92F9-32CE7BA54ED8} /*Altova Shortcut Drop Handler*/C:\WINDOWS\system32\LinkDropHandler.dll = C:\WINDOWS\system32\LinkDropHandler.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0000CC75-ACF3-4cac-A0A9-DD3868E06852}C:\Programmi\DAP\DAPBHO.DLL = C:\Programmi\DAP\DAPBHO.DLL
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{955BE0B8-BC85-4CAF-856E-8E0D8B610560}C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL = C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.11 ----



ciao e grazie ancora....
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Messaggioda Amantide » lun gen 08, 2007 12:01 am

Fai una cosa, carica sul Virustotal questo file perché non riesco a risalire alle sue origini:
C:\Programmi\File comuni\{EC25E83C-0C8B-1040-0616-050516050027}\Update.exe

Il log ora è pulito, come i programmi da installare ti consiglio
antivirus - Active Virus Shield o Antivir;
firewall - Comodo Firewall o Zone Alarm;
per la protezione in tempo reale - Spyware Terminator.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

segue...

Messaggioda manero478 » mar gen 09, 2007 1:29 pm

scusa il ritardo...
comunque ho fatto una ricerca su tutto il PC e quella cartella con quel file non esisono..

ti riallego il gmer autostar di adesso..
GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2007-01-09 12:28:15
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
MSSQL$PINNACLESYS /*MSSQL$PINNACLESYS*/@ = "C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PinnacleSys.MediaServer /*Pinnacle Systems Media Service*/@ = "C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@SNPSTD2C:\WINDOWS\vsnpstd2.exe = C:\WINDOWS\vsnpstd2.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Collegamento alla pagina delle propriet? di High Definition Audio(null) =
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@PMCRemoteC:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe = C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
@PMCS"C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug = "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
@PinnacleDriverCheckC:\WINDOWS\system32\\PSDrvCheck.exe = C:\WINDOWS\system32\\PSDrvCheck.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@E06IXLRD_174203625 = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@{EC25E83C-0C8B-1040-0616-050516050027} = "C:\Programmi\File comuni\{EC25E83C-0C8B-1040-0616-050516050027}\Update.exe" te-110-12-0000073 /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 DragDrop Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.5 Property Sheet Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{83D96563-DB11-42DF-92F9-32CE7BA54ED8} /*Altova Shortcut Drop Handler*/C:\WINDOWS\system32\LinkDropHandler.dll = C:\WINDOWS\system32\LinkDropHandler.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0000CC75-ACF3-4cac-A0A9-DD3868E06852}C:\Programmi\DAP\DAPBHO.DLL = C:\Programmi\DAP\DAPBHO.DLL
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{955BE0B8-BC85-4CAF-856E-8E0D8B610560}C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL = C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.11 ----

Grazie di tutto
manero
Avatar utente
manero478
Senior Member
Senior Member
 
Messaggi: 384
Iscritto il: ven dic 23, 2005 3:14 pm

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising