Punto informatico Network
win 32 trojan - gen

Post by fiorellino » Fri Dec 19, 2008 6:16 pm

Hello…
I'm desperate. I was told that your site is able to solve virus problems and I hope you can help me… I really need it!!!!!
For several days my computer has been infected by lots of viruses, which I move to the recycle bin. But the antivirus I have installed (Avast) keeps telling me there is a worm virus present:
win 32 trojan - gen (other)
even though I keep moving it to the recycle bin, as it recommends. Avast also tells me it has found a suspicious file:
file windows\system 32\explorer 32.exe
type Rootkit: hidden process
It advises me to ignore it and restart the computer so that the scan starts, but it is no use, because afterwards the message comes back. I really don't know what to do, also because I'm not an expert (in fact I'm really hopeless) and I don't know how to handle this.
Heartfelt thanks for the help I hope you will give me…
fiorellino
New Member
Posts: 11
Joined: Mon Dec 15, 2008 5:56 pm
Location: Caserta

Re: win 32 trojan - gen

Post by ste_95 » Fri Dec 19, 2008 7:06 pm

Download GMER, then follow these steps:

--- Step 1 ---
Start GMER
click on > > >
click on Autostart
tick Show All
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

--- Step 2 ---
Still in the program you just downloaded (GMER),
click on Rootkit
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.
«Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am
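The Autostart listing that step 1 produces is what the helpers then read by eye, looking for entries that do not belong. As an added example (not part of the thread and not GMER's own tooling) the Python script below parses that "@name<command> = <command>" layout and applies a few of the structural checks a helper would apply by hand: a Run value whose target is marked file not found, a value name that is just a hex or numeric string, rundll32 loading a DLL through a one- or two-letter export, an executable launched straight from a user profile root, and a file name that imitates a Windows system binary. The sample log is constructed from the format and from a handful of Run entries in this thread; the rules and thresholds are my own assumptions, not signatures, and an entry being flagged means "look at it", not "it is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the GMER "Autostart scan" layout; the Run entries are
# taken from the log posted in this thread (assumption: that layout is stable).
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-22 10:11:01
Windows 5.1.2600 Service Pack 2

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@98bb73f6rundll32.exe "C:\WINDOWS\system32\jnutevka.dll",b = rundll32.exe "C:\WINDOWS\system32\jnutevka.dll",b
@Advanced DHTML EnableC:\Documents and Settings\GUGLIELMO\msvsc.exe = C:\Documents and Settings\GUGLIELMO\msvsc.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@67368622290937849074218977977194C:\Programmi\A360\av360.exe = C:\Programmi\A360\av360.exe
@ieupdate"C:\WINDOWS\system32\explorer32.exe" /*file not found*/ = "C:\WINDOWS\system32\explorer32.exe" /*file not found*/
"""

# Heuristic knobs (my assumptions, tune to taste).
SYSTEM_STEMS = ("explorer", "svchost", "lsass", "csrss", "winlogon", "services")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.I)       # first drive-letter .exe path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
PROFILE_RE = re.compile(r'documents and settings\\[^\\]+\\[^\\]+\.exe$', re.I)
HEXNAME_RE = re.compile(r'^[0-9a-f]{8,}$', re.I)


@dataclass
class Entry:
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_autostart(text):
    """Parse GMER autostart lines into Entry objects (Run values and service entries)."""
    entries, key = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith(">>>"):            # "HKLM\...\Run >>>" opens a key section
            key = line[:-3].strip()
            continue
        if " = " not in line:
            continue
        left, _, command = line.partition(" = ")
        command = command.strip()
        if left.startswith("@"):
            # GMER glues name and command: "@<name><command> = <command>".
            # The name is the left side with the repeated command stripped off.
            name = left[1:]
            if command and name.endswith(command):
                name = name[: -len(command)]
        else:
            name = left.rstrip("@")         # "svc@ = cmd" style (services)
        entries.append(Entry(key, name.strip(), command))
    return entries


def triage(entry):
    """Return the list of review reasons an entry trips (empty means nothing noticed)."""
    reasons = []
    cmd = entry.command
    if "/*file not found*/" in cmd:
        reasons.append("target file not found")
    if HEXNAME_RE.match(entry.name):
        reasons.append("random hex/numeric value name")
    m = RUNDLL_RE.search(cmd)
    if m and len(m.group(2)) <= 2:
        reasons.append(f"rundll32 loads DLL with short export name '{m.group(2)}'")
    p = PATH_RE.search(cmd)                 # %SystemRoot% paths are not resolved here
    if p:
        path = p.group(1)
        if PROFILE_RE.search(path):
            reasons.append("executable launched from user profile root")
        stem = path.split("\\")[-1].lower()[:-4]
        for s in SYSTEM_STEMS:
            if stem.startswith(s) and stem != s:
                reasons.append(f"file name resembles system binary '{s}'")
                break
    return reasons


def suspicious_entries(text):
    """Map value name -> reasons for every autostart entry worth a second look."""
    out = {}
    for e in parse_autostart(text):
        for r in triage(e):
            out.setdefault(e.name, [])
            if r not in out[e.name]:
                out[e.name].append(r)
    return out


if __name__ == "__main__":
    for name, reasons in suspicious_entries(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it on a saved GMER autostart file by swapping `SAMPLE_LOG` for the file's contents; clean entries such as ctfmon.exe and the avast tray icon pass through untouched, while the four entries the rules pick out are exactly the ones a helper would ask about first. The checks are deliberately structural (where the file lives, how it is named, whether it still exists) because those survive renamed binaries, which a filename blacklist does not.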

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 10:25 am

Thank you for answering me. I followed the steps of the first phase to the letter and this is the result, which I'll now try to post; I hope I understood how it's done....thank you, thank you, thank you...then I'll do the second phase, see you soon

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-22 10:11:01
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
6to4@ = %SystemRoot%\system32\svchost.exe -k netsvcs
aswUpdSv@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
avast! Antivirus@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CiSvc@ = %SystemRoot%\system32\cisvc.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Iprip@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
MyWebSearchService@ = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
NWCWorkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SimpTcp@ = %SystemRoot%\system32\tcpsvcs.exe
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@VTTimerVTTimer.exe /*file not found*/ = VTTimer.exe /*file not found*/
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@MyWebSearch Pluginrundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF = rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@My Web Search Bar Search Scope Monitor"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
@98bb73f6rundll32.exe "C:\WINDOWS\system32\jnutevka.dll",b = rundll32.exe "C:\WINDOWS\system32\jnutevka.dll",b
@Advanced DHTML EnableC:\Documents and Settings\GUGLIELMO\msvsc.exe = C:\Documents and Settings\GUGLIELMO\msvsc.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@67368622290937849074218977977194C:\Programmi\A360\av360.exe = C:\Programmi\A360\av360.exe
@ieupdate"C:\WINDOWS\system32\explorer32.exe" /*file not found*/ = "C:\WINDOWS\system32\explorer32.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
@UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll /*file not found*/ = C:\WINDOWS\system32\hticons.dll /*file not found*/
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{8e9d6600-f84a-11ce-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{e3f2bac0-099f-11cf-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{52c68510-09a0-11cf-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{BB7DF450-F119-11CD-8465-00AA00425D90} /*Microsoft Access Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\soa800.dll = C:\Programmi\Microsoft Office\Office\soa800.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
NetWareUNCMenu@{e3f2bac0-099f-11cf-8daa-00aa004a5691} = nwprovau.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00A6FAF1-072E-44cf-8957-5838F569A31D}C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL = C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{07B18EA1-A523-4961-B6BB-170DE4475CCA}C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL = C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
@{D90073E2-66B2-4CFE-8ABE-73B762B03710}C:\WINDOWS\system32\opnlLFWM.dll /*file not found*/ = C:\WINDOWS\system32\opnlLFWM.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.a2articles.com = http://www.a2articles.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57B76B7B-EAF1-4065-9124-8F19C34CBCCE} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.3 = 192.168.1.3
@NameServer62.101.81.80,62.101.81.81 = 62.101.81.80,62.101.81.81
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = C:\WINDOWS\system32\pnrpnsp.dll
000000000005@LibraryPath = C:\WINDOWS\system32\pnrpnsp.dll
000000000006@LibraryPath = %SystemRoot%\System32\nwprovau.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\GUGLIELMO\Menu Avvio\Programmi\Esecuzione automatica = Registration Catz.LNK

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk
WG111v2 Smart Wizard Wireless Setting.lnk = WG111v2 Smart Wizard Wireless Setting.lnk

---- EOF - GMER 1.0.14 ----


Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 10:27 am

Why doesn't show/hide log work? I knew I wouldn't manage it... I feel useless... heeeelp!!

Re: win 32 trojan - gen

Post by crazy.cat » Mon Dec 22, 2008 10:54 am

For now, download Malwarebytes, install and update it, run the scan and at the end remove everything it finds.
That way we start getting rid of Antivirus 360 and another adware you have installed.
Download Malwarebytes

But the warnings that pop up, are they from Avast or from Antivirus 360?

Now I'll read the rest of the log.
When the many govern, they think only of pleasing themselves; then comes the most foolish and hateful tyranny: tyranny disguised as freedom.

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 11:05 am

The warnings are from Antivirus 360. Now I'll try to download the anti-malware, hoping the internet connection holds up long enough... anyway, thanks for the great help... see you soon

Re: win 32 trojan - gen

Post by crazy.cat » Mon Dec 22, 2008 11:07 am

fiorellino wrote: the warnings are from Antivirus 360

Then they're all fake; with Malwarebytes you clean it off completely.
I was just uploading an article on exactly this rogue software, on how you get infected and how to remove it.

Re: win 32 trojan - gen

Post by crazy.cat » Mon Dec 22, 2008 11:27 am

After the Malwarebytes scan, check whether these two files
C:\WINDOWS\system32\jnutevka.dll
C:\Documents and Settings\GUGLIELMO\msvsc.exe
are still present on your PC.

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 11:39 am

C:\WINDOWS\system32\jnutevka.dll
is still there, the other one isn't. Anyway, thanks for the help. I ran Malwarebytes and it found 496 errors, but since it's all in English and I barely know the language I'm not sure I ran it correctly; still, after rebooting the system Antivirus 360 is still installed. How do I get rid of it? Thanks, thanks, thanks...

Re: win 32 trojan - gen

Post by Amantide » Mon Dec 22, 2008 11:47 am

Download ComboFix and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here.
...to fly high, you have to know how to fall...

Re: win 32 trojan - gen

Post by crazy.cat » Mon Dec 22, 2008 11:57 am

fiorellino wrote: how do I get rid of it? Thanks, thanks, thanks...

When the scan finishes you have to tick all the checkboxes of the problems found; then at the bottom left there's the button to remove the problems found. You have to press that, otherwise nothing gets removed.
The program can be switched to Italian; it's in the options, but I don't remember exactly where the right entry is.

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 12:29 pm

You're truly legends, I don't know how I would have managed without your help... I ran ComboFix, which at the end shows this result:

ComboFix 08-12-21.04 - GUGLIELMO 2008-12-22 11.57.27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.223.38 [GMT 1:00]
Running from: c:\documents and settings\GUGLIELMO\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GUGLIELMO\Dati applicazioni\FunWebProducts
c:\documents and settings\GUGLIELMO\Dati applicazioni\FunWebProducts\Data\GUGLIELMO\avatar.dat
c:\documents and settings\GUGLIELMO\Dati applicazioni\FunWebProducts\Data\GUGLIELMO\outfit.dat
c:\documents and settings\GUGLIELMO\Dati applicazioni\FunWebProducts\Data\GUGLIELMO\zbucks.dat
c:\documents and settings\Rosa 2\Dati applicazioni\FunWebProducts
c:\documents and settings\Rosa 2\Dati applicazioni\FunWebProducts\Data\Rosa 2\avatar.dat
c:\programmi\A360
c:\programmi\A360\av360.exe
c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programmi\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.htmlx
c:\programmi\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\programmi\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programmi\FunWebProducts\Shared\Cache\WebfettiBtn-new.htmlx
c:\programmi\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\programmi\Internet Explorer\msimg32.dll
c:\programmi\MyWebSearch
c:\programmi\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\programmi\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\programmi\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\programmi\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\programmi\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\programmi\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\programmi\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\programmi\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\programmi\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\programmi\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\programmi\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\programmi\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\programmi\MyWebSearch\bar\Avatar\COMMON.F3S
c:\programmi\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\programmi\MyWebSearch\bar\Avatar\COMMON\common.css
c:\programmi\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\include.js
c:\programmi\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\programmi\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\programmi\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\programmi\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\programmi\MyWebSearch\bar\Cache\0002D7A9
c:\programmi\MyWebSearch\bar\Cache\0002EC69
c:\programmi\MyWebSearch\bar\Cache\0002EF96.bin
c:\programmi\MyWebSearch\bar\Cache\0002F90C.bin
c:\programmi\MyWebSearch\bar\Cache\0002F9C7
c:\programmi\MyWebSearch\bar\Cache\0002FA54.bin
c:\programmi\MyWebSearch\bar\Cache\0002FB9C.bin
c:\programmi\MyWebSearch\bar\Cache\0002FCE4.bin
c:\programmi\MyWebSearch\bar\Cache\0014A3FF
c:\programmi\MyWebSearch\bar\Cache\0014ADD2
c:\programmi\MyWebSearch\bar\Cache\002C4A32.bin
c:\programmi\MyWebSearch\bar\Cache\002C4CA3.bin
c:\programmi\MyWebSearch\bar\Cache\002C4FFE.bin
c:\programmi\MyWebSearch\bar\Cache\002C5638.bin
c:\programmi\MyWebSearch\bar\Cache\0078A7D1
c:\programmi\MyWebSearch\bar\Cache\files.ini
c:\programmi\MyWebSearch\bar\Game\CHECKERS.F3S
c:\programmi\MyWebSearch\bar\Game\CHESS.F3S
c:\programmi\MyWebSearch\bar\Game\REVERSI.F3S
c:\programmi\MyWebSearch\bar\History\search3
c:\programmi\MyWebSearch\bar\icons\CM.ICO
c:\programmi\MyWebSearch\bar\icons\MFC.ICO
c:\programmi\MyWebSearch\bar\icons\PSS.ICO
c:\programmi\MyWebSearch\bar\icons\SMILEY.ICO
c:\programmi\MyWebSearch\bar\icons\WB.ICO
c:\programmi\MyWebSearch\bar\icons\ZWINKY.ICO
c:\programmi\MyWebSearch\bar\Message\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\DOG.F3S
c:\programmi\MyWebSearch\bar\Notifier\FISH.F3S
c:\programmi\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\programmi\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAID.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\programmi\MyWebSearch\bar\Notifier\OPERA.F3S
c:\programmi\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SURFER.F3S
c:\programmi\MyWebSearch\bar\Settings\prevcfg2.htm
c:\programmi\MyWebSearch\bar\Settings\s_pid.dat
c:\programmi\MyWebSearch\bar\Settings\setting2.htm
c:\programmi\MyWebSearch\bar\Settings\settings.dat
c:\programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\awtrSkIB.dll
c:\windows\system32\byXNhggh.dll
c:\windows\system32\cbXQkkkj.dll
c:\windows\system32\ddcdbBuS.dll
c:\windows\system32\ddcyWoMf.dll
c:\windows\system32\efcCvWNd.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\jnutevka.dll
c:\windows\system32\khfcawxY.dll
c:\windows\system32\khfFWPHy.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJCtTLf.dll
c:\windows\system32\mlJYSjIc.dll
c:\windows\system32\MWFLlnpo.ini
c:\windows\system32\MWFLlnpo.ini2
c:\windows\system32\nnnkJDsT.dll
c:\windows\system32\opnlMFXp.dll
c:\windows\system32\qoMfdaYr.dll
c:\windows\system32\qoMffDvu.dll
c:\windows\system32\rqRHayYR.dll
c:\windows\system32\rqRHwurq.dll
c:\windows\system32\rqRKBUlM.dll
c:\windows\system32\ssqPgFYo.dll
c:\windows\system32\urqOGApp.dll
c:\windows\system32\vtUlMcAt.dll
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\wvUoPGax.dll
c:\windows\system32\wvUoPjKe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_Iprip
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 11:18 . 2008-12-22 11:18 <DIR> d-------- c:\documents and settings\GUGLIELMO\Dati applicazioni\ByteCrusher
2008-12-22 11:18 . 2008-12-22 12:19 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-22 11:17 . 2008-12-22 11:17 <DIR> d-------- c:\programmi\ByteCrusher
2008-12-22 09:50 . 2008-12-22 10:31 250 --a------ c:\windows\gmer.ini
2008-12-22 09:15 . 2008-12-22 09:15 268 --ah----- C:\sqmdata06.sqm
2008-12-22 09:15 . 2008-12-22 09:15 244 --ah----- C:\sqmnoopt06.sqm
2008-12-21 09:38 . 2008-12-22 09:46 1,639,259 ---hs---- c:\windows\system32\akvetunj.ini
2008-12-21 09:38 . 2008-12-21 09:38 69,682 --a------ c:\documents and settings\GUGLIELMO\msvsc.exe
2008-12-17 13:28 . 2008-12-17 13:28 83,456 --a------ C:\prin.exe
2008-12-08 10:19 . 2008-12-08 10:19 <DIR> dr-hs---- C:\CONFIG
2008-12-07 16:56 . 2008-12-07 16:56 73,216 --a------ C:\osy.exe
2008-12-07 13:24 . 2008-12-07 21:48 <DIR> d-------- c:\windows\system32\it-it
2008-12-07 12:36 . 2008-12-07 12:36 268 --ah----- C:\sqmdata05.sqm
2008-12-07 12:36 . 2008-12-07 12:36 244 --ah----- C:\sqmnoopt05.sqm
2008-12-07 12:10 . 2008-12-07 12:10 268 --ah----- C:\sqmdata04.sqm
2008-12-07 12:10 . 2008-12-07 12:10 244 --ah----- C:\sqmnoopt04.sqm
2008-11-26 15:00 . 2008-11-26 15:00 <DIR> d-------- c:\programmi\Fun Web Products
2008-11-23 09:30 . 2008-11-23 09:47 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-23 09:28 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-11-23 09:28 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-23 09:27 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-23 09:27 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-23 09:24 . 2008-10-16 14:12 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-23 09:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-23 09:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-23 09:24 . 2008-10-16 14:07 19,480 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-22 23:12 . 2008-11-22 23:12 <DIR> d--hs---- c:\documents and settings\GUGLIELMO\UserData
2008-11-22 19:57 . 2008-11-22 19:57 <DIR> d-------- c:\windows\OPTIONS
2008-11-22 19:57 . 2008-11-22 19:57 <DIR> d-------- c:\programmi\NETGEAR
2008-11-22 19:57 . 2006-03-20 19:22 196,608 --a------ c:\windows\system32\WG1v2Lib.dll
2008-11-22 19:57 . 2006-03-16 11:39 167,808 --a------ c:\windows\system32\drivers\wg111v2.sys
2008-11-22 19:57 . 2003-11-18 09:27 155,648 --a------ c:\windows\system32\IpLib.dll
2008-11-22 19:57 . 2005-12-29 00:16 114,688 -ra------ c:\windows\system32\EnumDev111.dll
2008-11-22 19:57 . 2002-10-02 08:57 13,532 --a------ c:\windows\system32\drivers\SjyPkt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 10:48 --------- d-----w c:\programmi\Scholastic
2008-12-22 10:45 --------- d-----w c:\programmi\Evviva Biliardo 3D
2008-12-14 17:52 --------- d-----w c:\programmi\Matmagi2
2008-12-14 17:52 --------- d-----w c:\programmi\Iorio software
2008-12-07 12:51 --------- d-----w c:\programmi\Finson Connect
2008-11-25 12:47 --------- d-----w c:\programmi\MSN Messenger
2008-11-22 18:57 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-17 17:06 --------- d-----w c:\programmi\Caccia alle parole
2008-10-26 16:53 --------- d-----w c:\programmi\Alwil Software
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 18:58 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-20 18:58 147,456 ------w c:\windows\Setup1.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 17:43 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BCROReminder"="c:\programmi\ByteCrusher\RegistryOptimax\BCRO.exe" [2008-10-27 2000664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-09-30 98304]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"BCROReminder"="c:\programmi\ByteCrusher\RegistryOptimax\BCRO.exe" [2008-10-27 2000664]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2007-09-30 118784]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-11-22 745472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Supreme\\Supreme.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\GUGLIELMO\\msvsc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-22 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2008-10-26 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2008-11-22 167808]
R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2008-11-22 13532]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\Rubrica.job
- c:\progra~1\OUTLOO~1\wab.exe [2004-08-19 13:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D90073E2-66B2-4CFE-8ABE-73B762B03710} - c:\windows\system32\opnlLFWM.dll
HKCU-Run-67368622290937849074218977977194 - c:\programmi\A360\av360.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-VTTimer - VTTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm147YYIT
TCP: {57B76B7B-EAF1-4065-9124-8F19C34CBCCE} = 62.101.81.80,62.101.81.81
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 12:17:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\programmi\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2008-12-22 12:24:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 11:24:53

Pre-Run: 65.917.009.920 byte disponibili
Post-Run: 66,149,994,496 byte disponibili

329 --- E O F --- 2008-12-07 20:48:52

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 12:41 pm

WHY HAS THIS RED TEXT APPEARED??? WHAT'S WRONG NOW????? I FEEL HOPELESSLY INCOMPETENT!!! HELP!!!

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 12:57 pm

Legendary friends of MegaLab, it seems to me that the computer has started working normally again and I am immensely grateful to you. If I should have further problems or new infections, I won't hesitate to contact you because you are the best. Happy holidays to all of you.
kiss by fiorellino

Re: win 32 trojan - gen

Post by Amantide » Mon Dec 22, 2008 2:24 pm

Wait, there is still a bit more junk to remove.

Copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
Code:
File::
c:\windows\system32\akvetunj.ini
c:\documents and settings\GUGLIELMO\msvsc.exe
C:\prin.exe
C:\osy.exe
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\GUGLIELMO\\msvsc.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]

Folder::
c:\programmi\Fun Web Products
c:\config

Now drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
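The CFScript above was composed by hand after reading the ComboFix log. As an added example that is not part of this thread and not ComboFix's own code, the Python script below applies three of the same checks to an excerpt of the log posted earlier in the thread (embedded as constructed sample input): a firewall exception for a program living inside a user profile, Security Center values that suppress antivirus, update and firewall warnings, and an Active Setup component whose CLSID is not a valid hex GUID (the one above contains X characters). It then renders what it found in the CFScript syntax used here: `"value"=-` removes a registry value, `[-KEY]` removes a key, and `File::` lists files to delete. The indicator rules, regular expressions and function names are the example's own assumptions, not ComboFix features.

```python
"""Flag suspicious entries in a ComboFix 'Reg Loading Points' excerpt and
render them in CFScript syntax. Added example; heuristics are assumptions."""
import re

# Constructed sample: lines copied from the log posted earlier in the thread,
# trimmed to the three sections this parser looks at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\GUGLIELMO\\msvsc.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# A CLSID must be five groups of hex digits; anything else is malformed.
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
# Assumption: a firewall-authorised program inside a user profile deserves a look.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)


def parse_sections(text):
    """Return {key: [line, ...]} for every [key] block in a ComboFix excerpt."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def find_indicators(sections):
    """Return (kind, key, detail) tuples for entries worth a second look."""
    hits = []
    for key, lines in sections.items():
        low = key.lower()
        if low.endswith("\\security center"):
            for line in lines:
                m = VALUE_RE.match(line)
                if (m and m.group("data").strip() == "dword:00000001"
                        and m.group("name").endswith(("DisableNotify", "Override"))):
                    hits.append(("securitycenter_tamper", key, m.group("name")))
        elif low.endswith("\\authorizedapplications\\list"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    path = m.group("name").replace("\\\\", "\\")  # undo .reg escaping
                    if USER_PROFILE_RE.match(path):
                        hits.append(("firewall_exception_in_profile", key, path))
        elif "\\active setup\\installed components\\" in low:
            clsid = key.rsplit("\\", 1)[1]
            if not GUID_RE.match(clsid):
                hits.append(("malformed_active_setup_clsid", key, lines[0] if lines else ""))
    return hits


def to_cfscript(hits):
    """Render hits in the CFScript syntax used in the thread.
    Security Center flags are reported only: they are a symptom, not the
    malware itself, so they are left for a human to judge."""
    files, value_removals, key_removals = [], {}, []
    for kind, key, detail in hits:
        if kind == "firewall_exception_in_profile":
            files.append(detail)
            value_removals.setdefault(key, []).append(detail)
        elif kind == "malformed_active_setup_clsid":
            if detail:
                files.append(detail)
            key_removals.append(key)
    out = []
    if files:
        out += ["File::"] + sorted(set(files)) + [""]
    if value_removals or key_removals:
        out.append("Registry::")
        for key, values in value_removals.items():
            out.append("[%s]" % key)
            out += ['"%s"=-' % v.replace("\\", "\\\\") for v in values]
        out += ["[-%s]" % k for k in key_removals]
    return "\n".join(out)


if __name__ == "__main__":
    found = find_indicators(parse_sections(SAMPLE_LOG))
    for kind, key, detail in found:
        print("%-32s %s" % (kind, detail))
    print()
    print(to_cfscript(found))
```

The generated script is a starting point, not something to drop onto ComboFix unread: ComboFix deletes whatever the script names without asking, which is why the helpers in this thread read the whole log before writing one by hand.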

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 3:18 pm

I did what you wrote, I hope I've removed the junk... here is the ComboFix log, and thank you from the bottom of my heart...

ComboFix 08-12-21.04 - GUGLIELMO 2008-12-22 15.01.43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.223.53 [GMT 1:00]
Running from: c:\documents and settings\GUGLIELMO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\GUGLIELMO\Desktop\CFScript.txt..txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
c:\documents and settings\GUGLIELMO\msvsc.exe
C:\osy.exe
C:\prin.exe
c:\windows\system32\akvetunj.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\config
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\documents and settings\GUGLIELMO\msvsc.exe
C:\osy.exe
C:\prin.exe
c:\programmi\Fun Web Products
c:\windows\system32\akvetunj.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 11:18 . 2008-12-22 11:18 <DIR> d-------- c:\documents and settings\GUGLIELMO\Dati applicazioni\ByteCrusher
2008-12-22 11:18 . 2008-12-22 15:10 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-22 11:17 . 2008-12-22 11:17 <DIR> d-------- c:\programmi\ByteCrusher
2008-12-22 09:50 . 2008-12-22 10:31 250 --a------ c:\windows\gmer.ini
2008-12-22 09:15 . 2008-12-22 09:15 268 --ah----- C:\sqmdata06.sqm
2008-12-22 09:15 . 2008-12-22 09:15 244 --ah----- C:\sqmnoopt06.sqm
2008-12-07 13:24 . 2008-12-07 21:48 <DIR> d-------- c:\windows\system32\it-it
2008-12-07 12:36 . 2008-12-07 12:36 268 --ah----- C:\sqmdata05.sqm
2008-12-07 12:36 . 2008-12-07 12:36 244 --ah----- C:\sqmnoopt05.sqm
2008-12-07 12:10 . 2008-12-07 12:10 268 --ah----- C:\sqmdata04.sqm
2008-12-07 12:10 . 2008-12-07 12:10 244 --ah----- C:\sqmnoopt04.sqm
2008-11-23 09:30 . 2008-11-23 09:47 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-23 09:28 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-11-23 09:28 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-23 09:27 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-23 09:27 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-23 09:27 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-23 09:24 . 2008-10-16 14:12 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-23 09:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-23 09:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-23 09:24 . 2008-10-16 14:07 19,480 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-22 23:12 . 2008-11-22 23:12 <DIR> d--hs---- c:\documents and settings\GUGLIELMO\UserData
2008-11-22 19:57 . 2008-11-22 19:57 <DIR> d-------- c:\windows\OPTIONS
2008-11-22 19:57 . 2008-11-22 19:57 <DIR> d-------- c:\programmi\NETGEAR
2008-11-22 19:57 . 2006-03-20 19:22 196,608 --a------ c:\windows\system32\WG1v2Lib.dll
2008-11-22 19:57 . 2006-03-16 11:39 167,808 --a------ c:\windows\system32\drivers\wg111v2.sys
2008-11-22 19:57 . 2003-11-18 09:27 155,648 --a------ c:\windows\system32\IpLib.dll
2008-11-22 19:57 . 2005-12-29 00:16 114,688 -ra------ c:\windows\system32\EnumDev111.dll
2008-11-22 19:57 . 2002-10-02 08:57 13,532 --a------ c:\windows\system32\drivers\SjyPkt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 10:48 --------- d-----w c:\programmi\Scholastic
2008-12-22 10:45 --------- d-----w c:\programmi\Evviva Biliardo 3D
2008-12-14 17:52 --------- d-----w c:\programmi\Matmagi2
2008-12-14 17:52 --------- d-----w c:\programmi\Iorio software
2008-12-07 12:51 --------- d-----w c:\programmi\Finson Connect
2008-11-25 12:47 --------- d-----w c:\programmi\MSN Messenger
2008-11-22 18:57 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-17 17:06 --------- d-----w c:\programmi\Caccia alle parole
2008-10-26 16:53 --------- d-----w c:\programmi\Alwil Software
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 18:58 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-20 18:58 147,456 ------w c:\windows\Setup1.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 17:43 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_12.23.30.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-22 11:49:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BCROReminder"="c:\programmi\ByteCrusher\RegistryOptimax\BCRO.exe" [2008-10-27 2000664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-09-30 98304]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"BCROReminder"="c:\programmi\ByteCrusher\RegistryOptimax\BCRO.exe" [2008-10-27 2000664]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2007-09-30 118784]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-11-22 745472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Supreme\\Supreme.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-22 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2008-10-26 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2008-11-22 167808]
R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2008-11-22 13532]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\Rubrica.job
- c:\progra~1\OUTLOO~1\wab.exe [2004-08-19 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm147YYIT
TCP: {57B76B7B-EAF1-4065-9124-8F19C34CBCCE} = 62.101.81.80,62.101.81.81
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 15:08:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\programmi\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2008-12-22 15:13:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 14:13:37
ComboFix2.txt 2008-12-22 11:25:01

Pre-Run: 66.086.490.112 byte disponibili
Post-Run: 66,087,755,776 byte disponibili

173 --- E O F --- 2008-12-07 20:48:52

Re: win 32 trojan - gen

Post by Amantide » Mon Dec 22, 2008 3:42 pm

OK, now the PC seems to be clean.

P.S. Fix the LOG tag.

Re: win 32 trojan - gen

Post by fiorellino » Mon Dec 22, 2008 3:53 pm

Thank you, you are PHENOMENAL... all of you are exceptional... I am amazed by the skill and ability you have to solve problems that are impossible for me. Now, though, I wonder what you mean by "Fix the LOG tag"? THANK YOU, THANK YOU and THANK YOU again for the help you have shown...

Re: win 32 trojan - gen

Post by Amantide » Mon Dec 22, 2008 4:40 pm

fiorellino wrote: Now, though, I wonder what you mean by "Fix the LOG tag"?

You've already done it.
You had simply pasted the log incorrectly between the [LOG][/LOG] tags.

Re: win 32 trojan - gen

Post by crazy.cat » Mon Dec 22, 2008 4:46 pm

Amantide wrote: You've already done it.

I did it...
When the many govern, they think only of pleasing themselves; you then get the most foolish and most hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising