Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

--- URGENTE: qualcosa mi ha disinstallato firewall e antivir

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

--- URGENTE: qualcosa mi ha disinstallato firewall e antivir

Postdi (b)ananartista » 04/01/07 02:33

e antivirus
e non riesco più a installarli.


per esempio installo ashampoo
però quando si tratta di farlo partire
mi dice che manca
firewall.exe

cos'è?

qual è il mio problema?

qualcuno sa risolvermelo.


ATTENDO consigli e soluzioni.


ecco il mio LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2.33.35, on 04/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\bananartista\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmi\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe ntpi32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ntpi32.exe
O2 - BHO: (no name) - {0FB5712C-C9B5-4A12-A842-A3D57AABBBB7} - C:\WINNT\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {5CBB6EA7-1EDC-4742-8EA1-D31A4A09B462} - C:\WINNT\system32\vtsqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrustInstaller] J:\Setup.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe] C:\metasploit.exe
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] ntpi32.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E737B55-ADF2-4BB6-A72E-21656714761E}: NameServer = 85.37.17.15 85.38.28.74
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awtsq - C:\WINNT\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINNT\system32\q086lals1dq6.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINNT\system32\SQMSRV.DLL (file missing)
O20 - Winlogon Notify: vtsqq - C:\WINNT\system32\vtsqq.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe



????
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Sponsor
 

Postdi (b)ananartista » 04/01/07 10:55

nessuno riesce ad aiutarmi?
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 04/01/07 11:26

(b)ananartista ha scritto:nessuno riesce ad aiutarmi?

Ciao, copia l'eseguibile di hijackthis (.exe) in una cartella permanente del disco fisso appositamente creata, non desktop nè temporanea, in modo che il programma possa fare un backup delle voci rimosse.
Apri hijackthis dalla nuova cartella, premi "do a system scan only", cerca e spunta le seguenti voci:
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmi\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe ntpi32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ntpi32.exe
O2 - BHO: (no name) - {0FB5712C-C9B5-4A12-A842-A3D57AABBBB7} - C:\WINNT\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {5CBB6EA7-1EDC-4742-8EA1-D31A4A09B462} - C:\WINNT\system32\vtsqq.dll (file missing)
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [Adobe] C:\metasploit.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] ntpi32.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awtsq - C:\WINNT\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINNT\system32\q086lals1dq6.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINNT\system32\SQMSRV.DLL (file missing)
O20 - Winlogon Notify: vtsqq - C:\WINNT\system32\vtsqq.dll (file missing)
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe

premi fix checked

Scarica KILLBOX da qui
http://www.bleepingcomputer.com/files/s ... illBox.zip
- estrailo sul desktop e apri la cartella che lo contiene e quindi avvialo
- Seleziona l'opzione Delete on Reboot . Nello spazio scrivi il percorso del file da eliminare
C:\WINNT\system32\drivers\csrss.exe
e clicchi sulla crocetta rossa (rispondi di no alla richiesta di riavvio)
Inserisci poi:
C:\Programmi\DeluxeCommunications\Dxc.exe
e clicchi sulla crocetta rossa (rispondi di no alla richiesta di riavvio)
Inserisci poi:
C:\metasploit.exe
e clicchi sulla crocetta rossa (rispondi a questo punto di Sì alla richiesta di riavvio)

Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

Rendi visibili file e cartelle nascosti:
da risorse del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti (consigliato)"
Click Ok

Cerca ed elimina le seguenti cartelle:
C:\Programmi\DeluxeCommunications

cancella il seguente file:
ntpi32.exe (da cercare)

Poi elimina tutti i file temporanei di windows (temp e tmp) >fai così:
start>cerca>tutti i file e cartelle, nello spazio bianco “nome del file o parte del nome” copi : *.temp; *.tmp
ed elimini tutti quelli trovati, selezionandoli e cancellandoli),

Cancella tutti i file temporanei di IE ( pannello di controllo>opzioni internet>elimina file temporanei (spuntando anche la casella “elimina tutto il contenuto non in linea”>OK, cancella la cronologia, cancella i cookies,

Svuota il cestino.

Riavvia in modalità normale, collegati qui:
http://collectiontricks.p2pforum.it/mod ... idedito=23
e utilizza Vundo fix.
Poi qui:
http://collectiontricks.p2pforum.it/mod ... ?idedito=6
(tool per Look2me)

Scarica superantispyware ed.free da qui:
http://www.superantispyware.com/
lo aggiorni e fai uno scan completo del computer.

Posta poi nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 04/01/07 15:32

ho provato ad arrangiarmi da solo,
ho fatto una scansione con ad-ware
(l'unica cosa che ero riuscito ad installare),
poi ho installato ashampoo
e avg.
tutto ok adesso.
l'unica è che non riesco ad eliminare deluxecommunications.

vabè cmq il mio log adesso è questo:


Logfile of HijackThis v1.99.1
Scan saved at 15.34.56, on 04/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINNT\explorer.exe
C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
C:\Programmi\Grisoft\AVG Free\avgwb.dat
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINNT\winhlp32.exe
C:\Programmi\DivX\DivX Player\DivX Player.exe
C:\Programmi\DivX\DivX Player\DivX Player.exe
C:\Programmi\DivX\DivX Player\DivX Player.exe
C:\WINNT\system32\SNDVOL32.EXE
C:\Programmi\Windows Media Player\setup_wm.exe
C:\Documents and Settings\bananartista\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmi\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ntpi32.exe
O2 - BHO: (no name) - {0FB5712C-C9B5-4A12-A842-A3D57AABBBB7} - C:\WINNT\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {5CBB6EA7-1EDC-4742-8EA1-D31A4A09B462} - C:\WINNT\system32\vtsqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrustInstaller] J:\Setup.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe] C:\metasploit.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINNT\system32\hldrrr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ashampoo FireWall PRO] "C:\Programmi\Ashampoo\Ashampoo FireWall PRO\FireWall.exe" -TRAY
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINNT\system32\hldrrr.exe
O4 - HKCU\..\RunServices: [Windows Kernel System Service] ntpi32.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E737B55-ADF2-4BB6-A72E-21656714761E}: NameServer = 85.37.17.15 85.38.28.74
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awtsq - C:\WINNT\system32\awtsq.dll (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINNT\system32\q086lals1dq6.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINNT\system32\SQMSRV.DLL (file missing)
O20 - Winlogon Notify: vtsqq - C:\WINNT\system32\vtsqq.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 04/01/07 15:39

Ciao, hai eseguito le operazioni che ti ho suggerito? Sembra di no.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 04/01/07 15:47

Luke57 ha scritto:Ciao, hai eseguito le operazioni che ti ho suggerito? Sembra di no.



no,
però tutto a ripreso a funzionare perfettamente.
è forse un miracolo?



(b)ananartista
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 04/01/07 16:27

(b)ananartista ha scritto:
Luke57 ha scritto:Ciao, hai eseguito le operazioni che ti ho suggerito? Sembra di no.



no,
però tutto a ripreso a funzionare perfettamente.
è forse un miracolo?



(b)ananartista

Ciao, diciamo un miracolo a metà ;) , nel senso che il log di hijackthis è tale e quale a quello che hai postato per primo, cioè pieno di schifezze varie ;)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 04/01/07 18:10

COME NON DETTO!!!


IL PROblema si è
RIVERIFICATO!

ho seguito le tue istruzioni

(tranne l'eliminazione dei .tmp perchè in modalità provvisoria non si avvia perchè dice che ci sono dei virus)

ho fatto lo scan con superantispyware.


MA NIENTE DA FARE!

c'è qualcosa che mi disinstalla
il firewall ashampoo
e l'antivirus avg.
mi impedisce pure di reinstallarli.
cioè elimina il file .exe dell'istallazione


cosa assilla il mio computer?


ecco il mio log attuale


Logfile of HijackThis v1.99.1
Scan saved at 18.11.04, on 04/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrustInstaller] J:\Setup.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe



CHE FACCIO??????[/b]
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 04/01/07 20:06

Ciao, segui questa procedura:
apri hiajckthis, premi “ do a system scan only”, cerchi e spunti le seguenti voci:
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmi\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe

Premi fix checked

Poi scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla (Ctrl+V) le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs



Folders to delete:
C:\Programmi\DeluxeCommunications

Files to delete:
C:\WINNT\system32\drivers\csrss.exe



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script più log di hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 04/01/07 21:22

ecco il log di avenger:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtudqaes

*******************

Script file located at: \??\C:\Documents and Settings\fouheunt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Programmi\DeluxeCommunications not found!
Deletion of folder C:\Programmi\DeluxeCommunications failed!

Could not process line:
C:\Programmi\DeluxeCommunications
Status: 0xc0000034

File C:\WINNT\system32\drivers\csrss.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.



e il log di hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 21.24.32, on 04/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINNT\system32\notepad.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrustInstaller] J:\Setup.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E737B55-ADF2-4BB6-A72E-21656714761E}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)



e adesso come agisco?
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi (b)ananartista » 04/01/07 21:46

ancora ho gli stessi problemi di prima.
non si installano firewall e antivirus.
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 05/01/07 08:40

Ciao, riapri hiajckthis, premi "do a system scan only", cerca e spunta le seguenti voci:
O4 - HKLM\..\Run: [TrustInstaller] J:\Setup.EXE
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
premi fix checked

Cancella il file:
J:\Setup.EXE
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 05/01/07 12:59

csrss.exe


non si toglie.


lo fixo ma continua ad apparire nel log.

e dove lo trovo il file
J:\setup.exe ?


non ho un disco J:\


ma sono loro che mi danneggiano firewall e antivirus?


attendendo e grazie.


)
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 05/01/07 13:21

Ciao, scarica Gmer da qui:
http://www.majorgeeks.com/GMER_d5198.html
scompatta il file .zip e avvia gmer.exe. Nella finestra che si apre premi il tab>>>> per accedere ad Avanzate, scegli il tab Autostart, spunta la casella "show all" e premi il tasto Scan. Terminata la scansione premi il tasto "copy", incolla il contenuto in un post. Verifica che ci sia entrato tutto, è abbastanza lungo.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 05/01/07 13:29

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-05 13:33:29
Windows 5.0.2195 Service Pack 4


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINNT\SYSTEM32\Userinit.exe, = C:\WINNT\SYSTEM32\Userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
wzcnotif@DLLName = wzcdlg.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINNT\system32\ati2sgag.exe
Browser /*Browser di computer*/@ = %SystemRoot%\System32\services.exe
Btsdriv /*Bluetooth System Drivers*/@ = "C:\WINNT\system32\btsdriv.exe" /*file not found*/
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINNT\system32\CTsvcCDA.exe
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\services.exe
dmserver /*Gestione disco logico*/@ = %SystemRoot%\System32\services.exe
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\services.exe
Event /*Events Log*/@ = %systemroot%\system32\drivers\csrss.exe -k NetworkService /*file not found*/
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
lanmanserver /*Server*/@ = %SystemRoot%\System32\services.exe
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\services.exe
LmHosts /*Servizio guida TCP/IP NetBIOS*/@ = %SystemRoot%\System32\services.exe
NtmsSvc /*Gestione archivi rimovibili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Agente criteri IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\services.exe
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione protezione account*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\system32\MSTask.exe
seclogon /*Servizio RunAs*/@ = %SystemRoot%\system32\services.exe
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StiSvc /*Still Image Service*/@ = %systemroot%\system32\stisvc.exe
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\services.exe
WinMgmt /*Strumentazione gestione Windows*/@ = %SystemRoot%\System32\WBEM\WinMgmt.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINNT\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@Jet DetectionC:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
@CTStartupC:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run d?-???/lg?/l??? j? xP"?x????4 ?? x4 ?? x4 ?a,l4 ? ? ?&/ t?? d?-?d?-?d?-???? ? ? ???w??G d?-?d?-???? A?/l?a,l??G d?? d?-?d?-?d?-???,l? ? d?-?~?,ld?-??&/ ??,l?&/ ?C@ x?? ??(lx?? ???xd?-???@ /*file not found*/ = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run d?-???/lg?/l??? j? xP"?x????4 ?? x4 ?? x4 ?a,l4 ? ? ?&/ t?? d?-?d?-?d?-???? ? ? ???w??G d?-?d?-???? A?/l?a,l??G d?? d?-?d?-?d?-???,l? ? d?-?~?,ld?-??&/ ??,l?&/ ?C@ x?? ??(lx?? ???xd?-???@ /*file not found*/
@Synchronization Managermobsync.exe /logon = mobsync.exe /logon
@HPDJ Taskbar UtilityC:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe = C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@JeticoPFStartup"C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe" = "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Yahoo! Pager"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
@TaskTrayC:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe = C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
@TaskBarC:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe = C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
@drvsyskitC:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe
@SUPERAntiSpywareC:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@Network.ConnectionTrayC:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTraystobject.dll = stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINNT\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINNT\System32\hticons.dll = C:\WINNT\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINNT\system32\wshext.dll = C:\WINNT\system32\wshext.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Rete e connessioni remote*/C:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{1A9BA3A0-143A-11CF-8350-444553540000} /*Cartella Preferiti*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{20D04FE0-3AEA-1069-A2D8-08002B30309D} /*Risorse del computer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{86747AC0-42A0-1069-A2E6-08002B30309D} /*Cartella Sincronia file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{0AFACED1-E828-11D1-9187-B532F1E9575D} /*Collegamento alla cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{12518493-00B2-11d2-9FA5-9E3420524153} /*Volume installato*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{21B22460-3AEA-1069-A2DC-08002B30309D} /*Estensione pagina proprietà file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{B091E540-83E3-11CF-A713-0020AFD79762} /*Pagina tipi di file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{FBF23B41-E3F0-101B-8488-00AA003E56F8} /*Hook di tipi di file MIME*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{C2FBB630-2971-11d1-A18C-00C04FD75D13} /*Servizio CopyTo Microsoft*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{C2FBB631-2971-11d1-A18C-00C04FD75D13} /*Microsoft MoveTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{13709620-C279-11CE-A49E-444553540000} /*Servizio automazione della shell*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll
@{62112AA1-EBE4-11cf-A5FB-0020AFE7292D} /*Shell Automation Folder View*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{4622AD11-FF23-11d0-8D34-00A0C90F2719} /*Menu Avvio*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{7BA4C740-9E81-11CF-99D3-00AA004AE837} /*Microsoft SendTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{D969A300-E7FF-11d0-A93B-00A0C90F2719} /*Microsoft New Object Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{09799AFB-AD67-11d1-ABCD-00C04FC30936} /*Apri con gestore menu di scelta rapida*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{3FC0B520-68A9-11D0-8D77-00C04FD70822} /*Mostra estensioni HTML del Pannello di controllo*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{75048700-EF1F-11D0-9888-006097DEACF9} /*ActiveDesktop*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll
@{6D5313C0-8C62-11D1-B2CD-006097DF8C11} /*Estensione pagina proprietà Opzioni cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{57651662-CE3E-11D0-8D77-00C04FC99D61} /*CmdFileIcon*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{4657278A-411B-11d2-839A-00C04FD918D0} /*Helper trascinamento selezione Shell*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{A470F8CF-A1E8-4f65-8335-227475AA5C46} /*Aggiungere l'elemento di crittografia al menu di scelta rapida in Esplora risorse*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{568804CA-CBD7-11d0-9816-00C04FD91972} /*Menu Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{5b4dae26-b807-11d0-9815-00c04fd91972} /*Menu Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8278F931-2A3E-11d2-838F-00C04FD918D0} /*Tracking Shell Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{E13EF4E4-D2F2-11d0-9816-00C04FD91972} /*Menu Site*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4F-521C-11D0-B792-00A0C90312E1} /*Menu Desk Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{D82BE2B0-5764-11D0-A96E-00C04FD705A2} /*IShellFolderBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{0E5CBF21-D15F-11d0-8301-00AA005B4383} /*Co&llegamenti*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7487cd30-f71a-11d0-9ea7-00805f714772} /*Immagine di anteprima*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\system32\sendmail.dll = C:\WINNT\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\system32\sendmail.dll = C:\WINNT\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8C-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/dsquery.dll = dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/dsquery.dll = dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/dsquery.dll = dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/dsuiext.dll = dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/dsuiext.dll = dsuiext.dll
@{450D8FBA-AD25-11D0-98A8-0800361B1103} /*MyDocs Folder*/mydocs.dll = mydocs.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/mydocs.dll = mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/mydocs.dll = mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/mydocs.dll = mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Menu file non in linea*/cscui.dll = cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Opzioni cartella File non in linea*/cscui.dll = cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/cscui.dll = cscui.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/mmcshext.dll = mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{6D783392-581A-4A28-A745-2BA13A1C2DA3} /**/(null) =
@{6E15A7AF-B22E-46CC-ADE3-A978D1AF2A76} /**/(null) =
@{5A86FA75-1ACA-4902-BF20-7E8C20C18F20} /**/(null) =
@{7AB7779B-A80C-439A-99EE-D46D2577AA6D} /**/(null) =
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Programmi\SmartFTP Client 2.0\smarthook.dll = C:\Programmi\SmartFTP Client 2.0\smarthook.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\system32\ssmarque.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINNT\system32\blank.htm = C:\WINNT\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINNT\system32\urlmon.dll
deflate@CLSID = C:\WINNT\system32\urlmon.dll
gzip@CLSID = C:\WINNT\system32\urlmon.dll
lzdhtml@CLSID = C:\WINNT\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\shell32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINNT\system32\urlmon.dll
file@CLSID = C:\WINNT\system32\urlmon.dll
ftp@CLSID = C:\WINNT\system32\urlmon.dll
gopher@CLSID = C:\WINNT\system32\urlmon.dll
http@CLSID = C:\WINNT\system32\urlmon.dll
https@CLSID = C:\WINNT\system32\urlmon.dll
its@CLSID = C:\WINNT\System32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
local@CLSID = C:\WINNT\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINNT\system32\urlmon.dll
ms-its@CLSID = C:\WINNT\System32\itss.dll
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
vnd.ms.radio@CLSID = C:\WINNT\system32\msdxm.ocx

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

C:\Documents and Settings\bananartista\Menu Avvio\Programmi\Esecuzione automatica = OpenOffice.org 2.0.lnk

C:\Documents and Settings\All Users.WINNT\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.exe.lnk = Adobe Gamma Loader.exe.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.12 ----



ho seguito le istruzioni per filo e per segno.
ecco fatto.
va bene?
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 05/01/07 13:49

Ciao, Apri il registro di sistema;
start>esegui>regedit (lo copi nello spazio)>OK
aperto l’editor del registro, clicchi sul segno + accanto alle singole voci e segui questo percorso:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,
Click sulla cartella Run, dovresti trovare nella parte destra:
Drvsyskit C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe
Click tasto dx su su Drvsyskit e scegli Elimina
Ciudi il registro.

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla (Ctrl+V) le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry kes to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Event

Registry value to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | CTStartup

Folders to dolete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script più log di hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 05/01/07 13:51

Ciao, lo script corretto è questo:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry kes to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Event

Registry value to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | CTStartup

Folders to delete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 05/01/07 13:52

Ciao, scusa sono un pò fuso, E' QUESTO lo script corretto:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Event

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | CTStartup

Folders to delete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi (b)ananartista » 05/01/07 14:14

innanzitutto non ho travato:

C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe


ecco poi il log di avenger:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry kes to delete:


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SYSTEM\CurrentControlSet\Services\Event


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry value to delete:


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wrgofveh

*******************

Script file located at: \??\C:\xvgvawlc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\bananartista\Dati applicazioni\hidires deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CTStartup replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.



e infine il log di hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 14.17.50, on 05/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\WINNT\system32\notepad.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E737B55-ADF2-4BB6-A72E-21656714761E}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)



dunque?


e gtraz.
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Utente Junior
 
Post: 49
Iscritto il: 29/08/06 15:07
Località: lolomo

Postdi Luke57 » 05/01/07 15:27

Ciao, segui questa procedura:
Apri il registro di sistema, nel seguente percorso
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, click sulla cartella Run
Cancella questi valori (tasto dx del mouse e scegli Elimina) :

"drvsyskit" = C:\Documents and Settings\bananartista\Dati applicazioni\hidires\hidr.exe "german.exe" = "%System%\wintems.exe"

Chiudi il registro

Inoltre, esegui Avenger inserendo questo script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry kes to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Events


Folders to delete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires

Files to delete:
C:\WINNT\system32\hldrrr.exe


Posta ancora i log.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "--- URGENTE: qualcosa mi ha disinstallato firewall e antivir":


Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti