Condividi:        

Virus, trojan roba che non riesco propio a rimuovere...

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi Marco5003 » 05/02/06 19:29

Questi files:
C.:\Windows\sysmsvc.exe
C:\Windows\System32\sysmsvc.exe

Non sono presenti.

This is a fix/uninstaller for the Version 200 of Look2me
This will only work on this particular version.
This is for xp or windows 2000 only

These infections are usually indicated by these lines in a hijackthis log:

020 - Seeming valid entry or entries followed by nonsense dll names.

First Menu
1. Report Generator to Verify Infection
2. Run Fix
3. This readme.
4. Remove L2mfix account
5. Fix autoexec.nt error on running dos programs.

Upon running the fix The desktop will dissappear and the fix will proceed.
The system will perform the procedure and notify its going to reboot.
Please wait as this can take upwards of 5 mins
After you press any key it will reboot
It will show a log of what was removed and found. If for some reason it does not on bootup open the log
manually from the l2mfix folder. Verify the registry entries that were removed in the log and the registry permissions are set back to normal.
That should be all.

No warranties are expressed or implied. Use at your own risk!!

Follow the approriate instructions from a qualified person on the forums if you are not sure.

Special Thanks to Rubberducky, OSC and Jwbirdsong for the beta tests. Also all the other experts who
were involved in the various threads with input.
Thanks to all the other utility program and script writers Also.
Thanks for yoyo Sharing his ideas and Code.
Thanks to avohir for the ideas.

If you would like to or need to contact me i can be reached at:

spywaresubmit@aol.com

Please visit the following forums for help.

http://www.subratam.org
http://www.spywareinfo.com
http://www.tomcoyote.com
http://www.castlecops.biz
http://www.atribune.org
http://net-integration.net


A Special Thanks to Atribune and Subratam for Hosting the file!
Mirrors Available at
http://downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe
Please do not host anywhere else.


Version 1.0
Version 1.01
Fixed find log error.
Version 1.02
Changed Strings routine
Changed registry routines to improve cleanup
Eliminated vbs portion
added sv1 for useragent on xp sp2 machines
added hosts file cleaning.(still beta)
add shortcut to fix autoexec.nt errors(menu option 5)
added menu entries to restore notify defaults if needed.(entries missing under notify)(menu option 4)
Version 1.02a
added filtering for valid classids under shell extension approved key.
Version 1.03 03/12/2004
Updated for new files versions released.
Version 1.03a
updated for licensing issues
version 1.03b
added remove.com files for fixing log error per gary r and mosiac1 (THANKS!)
made winlogon default entries automatic now. it runs when the fix portion is run.
version 1.03c
added fix for windows update per winhelp and the mskb article
version 1.03d
Changed option 4 to manually restore registry permission if necessary if second.bat fails to complete.
Version 1.04
Added pd strings to solve freezing issue
Version 1.04a
used runonceexkey for reboot.
version 1.99rc
beta to remove latest variant as of 112705
Beta 120905
Added Support for different language versions of windows. Text still in english but should work on more locales now.
Tweaked the second bat to kill files better.
Beta 121205
Couple minor bug fixes.
beta 121605
Fixed some zip bugs
Made a stronger password for some corporate environments.
010406
Fixed some bugs and did away with move command
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Sponsor
 

Postdi lucas/s » 05/02/06 20:52

Ciao,hai capito male o forse mi sono spiegato male io.
Allora hai la cartella che si è creata,aprila,trovi il file l2mfix.bat,doppio click sul file,ti si apre la finestra prompt,adesso dove lampeggi il cursore digita 1 e dai un INVIO
Immagine
attendi un pò e si aprirà il block notes,copia e incolla il contenuto di quel block notes
ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Marco5003 » 06/02/06 14:13

Ho fatto ciò che mi ha detto...
Mi scrive che non è possibile accedere al file e alla fine mi apre questo dopo vari messaggi d'errore

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt8607lse.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hrrq0595e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7C399A15-3924-4FD3-753E-115850C36CAB}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Propriet… dei file Multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestore scanner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Pagina di protezione NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Pagina di propriet… di Docfile OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Estensioni shell per la condivisione"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Estensione scheda video del Pannello di controllo"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Estensione monitor del Pannello di controllo"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Estensione panoramica video del Pannello di controllo"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Pagina di protezione DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Pagina compatibilit…"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestore dati dei ritagli di shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Estensione copia dischi"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Estensioni shell per oggetti Rete Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestore monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestore stampante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Estensioni shell per la compressione dei file"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Estensione shell per la stampante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu di scelta rapida di crittografia"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Sincronia file"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Estensione di icona di HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Tipi di carattere"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profilo ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Pagina di protezione della stampante"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Estensioni shell per la condivisione"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Estensione Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Estensione firma crittografata"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connessioni di rete"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connessioni di rete"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner e fotocamere digitali"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner e fotocamere digitali"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner e fotocamere digitali"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner e fotocamere digitali"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner e fotocamere digitali"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Estensione finestra propriet… di aggiornamento automatico"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Estensione shell per Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Operazioni pianificate"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra delle applicazioni e menu di avvio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Cerca"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Esegui..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Posta elettronica"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Tipi di carattere"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Strumenti di amministrazione"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra degli strumenti Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stato del download"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Shell Folder accresciuto"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Shell Folder 2 accresciuto"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="SearchBand"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Ricerca all'interno"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Ricerca Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilit… opzioni della struttura del Registro di sistema"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Indirizzo"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Completamento automatico Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Elenco di Completamento automatico MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Elenco di Completamento automatico MRU personalizzato"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessibile"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Indicatore di avanzamento popup"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser della barra degli indirizzi"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Elenco di Completamento automatico della Cronologia di Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Elenco di Completamento automatico di Shell Folder di Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenitore dell'elenco di Completamento automatico multiplo Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistenza utente"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Impostazioni cartella globale"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servizio Cronologia Url Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Cronologia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook per la ricerca di URL Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Schermata iniziale applicazioni Internet Explorer 4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Cartella cache ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Cartella Subscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestione applicazioni shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumeratore applicazioni installate"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI + programma di estrazione file in anteprima"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Programma di estrazione pagine HTML in anteprima"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Pubblicazione guidata sul Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Ordinazione di stampe tramite Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Oggetto Pubblicazione guidata sul Web"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Creazione guidata profilo Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Account utente"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="File del canale"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Collegamento al canale"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Cartella file non in linea"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Contatti..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{0A41B13E-5BB8-4404-88AA-415EE98839BB}"=""
"{5B2B836F-41DE-4513-BC6D-C309E3214B59}"=""
"{B8322641-A4B0-4B5A-8E7A-6388469C2396}"=""
"{DC63E1F3-BC86-4A72-B25F-FE5FF6521937}"=""
"{2C3EDE97-B8C3-41D9-85C7-557E2B50EDB3}"=""
"{DB7FFFAB-B8B4-40ED-BD68-823EB98DF04C}"=""
"{D1E9F0FF-E8ED-489F-8789-34FBD6503E5B}"=""
"{95FAACD7-5C4B-4E03-9950-7E6C6DF5D676}"=""
"{572C771B-BF0F-437C-99A0-AA83BE9831EA}"=""
"{D2507880-45D2-4CAB-A6B5-26ADD5380F48}"=""
"{02BD07D7-CF87-4D8D-9F74-A3B873D34BB7}"=""
"{296B3C43-63AF-48D1-A18F-0B468D4DD5BB}"=""
"{B031E089-E6F5-424F-A2E8-F7CD544F39D0}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{EB3DA846-49C9-4AA3-8EC6-112605436AE0}"=""
"{9FD91FDA-8911-4DD7-9029-FE24849E86EF}"=""
"{9172FC55-CA7F-4A1E-91FB-8BCF8D3203E6}"=""
"{268D0AAB-FDF1-4125-A40F-79922BCBF3E5}"=""
"{53BDF8FC-C4FE-45A3-A5E1-DAF3CA07C20A}"=""
"{956FEBC6-F31B-4E18-B018-FE4CD3225ACF}"=""
"{EB517584-5D03-4ED9-98FF-297A35EFC933}"=""
"{8D12111F-981F-4733-8E50-EA85584B2149}"=""
"{6751DD55-A223-4DE5-9D0D-ADE200A3B12E}"=""
"{9BE5285A-F11D-46DB-87C8-83871267BCBC}"=""
"{F9BCBF1C-E957-487C-AD9F-C909A75EEC87}"=""
"{FDF854F9-4894-4027-9176-033B43E8B454}"=""
"{C438A6D1-E5CD-4775-8B27-C177E8610EA6}"=""
"{C94F5F1C-60A3-4EAC-8957-9086B82291E4}"=""
"{4A54CC46-8432-4FAF-9811-D5E90581722A}"=""
"{D9228C49-4C20-44F4-9518-50840DDC365B}"=""
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{7802B3FF-5F84-4CD9-B184-76752806E02E}"=""
"{2720B9FD-11B7-4BFB-B651-93989BA9B6E1}"=""
"{801C569D-418C-4E51-9FBD-F43B7E54B420}"=""
"{ECDB93B8-DA65-4EA8-A092-1A26B6A8B4B0}"=""
"{480922D0-580C-4F09-9ECE-905E82025D9F}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0A41B13E-5BB8-4404-88AA-415EE98839BB}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{0A41B13E-5BB8-4404-88AA-415EE98839BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0A41B13E-5BB8-4404-88AA-415EE98839BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0A41B13E-5BB8-4404-88AA-415EE98839BB}\InprocServer32]
@="C:\\WINDOWS\\system32\\iofgnt5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2C3EDE97-B8C3-41D9-85C7-557E2B50EDB3}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{2C3EDE97-B8C3-41D9-85C7-557E2B50EDB3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C3EDE97-B8C3-41D9-85C7-557E2B50EDB3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C3EDE97-B8C3-41D9-85C7-557E2B50EDB3}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlploc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{95FAACD7-5C4B-4E03-9950-7E6C6DF5D676}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95FAACD7-5C4B-4E03-9950-7E6C6DF5D676}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95FAACD7-5C4B-4E03-9950-7E6C6DF5D676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95FAACD7-5C4B-4E03-9950-7E6C6DF5D676}\InprocServer32]
@="C:\\WINDOWS\\system32\\moxlegih.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{296B3C43-63AF-48D1-A18F-0B468D4DD5BB}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{296B3C43-63AF-48D1-A18F-0B468D4DD5BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B3C43-63AF-48D1-A18F-0B468D4DD5BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B3C43-63AF-48D1-A18F-0B468D4DD5BB}\InprocServer32]
@="C:\\WINDOWS\\system32\\bksec.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B031E089-E6F5-424F-A2E8-F7CD544F39D0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B031E089-E6F5-424F-A2E8-F7CD544F39D0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B031E089-E6F5-424F-A2E8-F7CD544F39D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B031E089-E6F5-424F-A2E8-F7CD544F39D0}\InprocServer32]
@="C:\\WINDOWS\\system32\\aafsipc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EB3DA846-49C9-4AA3-8EC6-112605436AE0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB3DA846-49C9-4AA3-8EC6-112605436AE0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB3DA846-49C9-4AA3-8EC6-112605436AE0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB3DA846-49C9-4AA3-8EC6-112605436AE0}\InprocServer32]
@="C:\\WINDOWS\\system32\\ogedlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9FD91FDA-8911-4DD7-9029-FE24849E86EF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9FD91FDA-8911-4DD7-9029-FE24849E86EF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9FD91FDA-8911-4DD7-9029-FE24849E86EF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9FD91FDA-8911-4DD7-9029-FE24849E86EF}\InprocServer32]
@="C:\\WINDOWS\\system32\\bhenhan.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{53BDF8FC-C4FE-45A3-A5E1-DAF3CA07C20A}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{53BDF8FC-C4FE-45A3-A5E1-DAF3CA07C20A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53BDF8FC-C4FE-45A3-A5E1-DAF3CA07C20A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53BDF8FC-C4FE-45A3-A5E1-DAF3CA07C20A}\InprocServer32]
@="C:\\WINDOWS\\system32\\nersde.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D12111F-981F-4733-8E50-EA85584B2149}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{8D12111F-981F-4733-8E50-EA85584B2149}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D12111F-981F-4733-8E50-EA85584B2149}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D12111F-981F-4733-8E50-EA85584B2149}\InprocServer32]
@="C:\\WINDOWS\\system32\\svarddlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6751DD55-A223-4DE5-9D0D-ADE200A3B12E}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{6751DD55-A223-4DE5-9D0D-ADE200A3B12E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6751DD55-A223-4DE5-9D0D-ADE200A3B12E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6751DD55-A223-4DE5-9D0D-ADE200A3B12E}\InprocServer32]
@="C:\\WINDOWS\\system32\\DOTMETA2.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9BE5285A-F11D-46DB-87C8-83871267BCBC}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{9BE5285A-F11D-46DB-87C8-83871267BCBC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9BE5285A-F11D-46DB-87C8-83871267BCBC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9BE5285A-F11D-46DB-87C8-83871267BCBC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtxmlr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FDF854F9-4894-4027-9176-033B43E8B454}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDF854F9-4894-4027-9176-033B43E8B454}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDF854F9-4894-4027-9176-033B43E8B454}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDF854F9-4894-4027-9176-033B43E8B454}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcieftp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C438A6D1-E5CD-4775-8B27-C177E8610EA6}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{C438A6D1-E5CD-4775-8B27-C177E8610EA6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C438A6D1-E5CD-4775-8B27-C177E8610EA6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C438A6D1-E5CD-4775-8B27-C177E8610EA6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mputil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C94F5F1C-60A3-4EAC-8957-9086B82291E4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C94F5F1C-60A3-4EAC-8957-9086B82291E4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C94F5F1C-60A3-4EAC-8957-9086B82291E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C94F5F1C-60A3-4EAC-8957-9086B82291E4}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcc42loc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A54CC46-8432-4FAF-9811-D5E90581722A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A54CC46-8432-4FAF-9811-D5E90581722A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A54CC46-8432-4FAF-9811-D5E90581722A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A54CC46-8432-4FAF-9811-D5E90581722A}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdkyr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D9228C49-4C20-44F4-9518-50840DDC365B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9228C49-4C20-44F4-9518-50840DDC365B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9228C49-4C20-44F4-9518-50840DDC365B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9228C49-4C20-44F4-9518-50840DDC365B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7802B3FF-5F84-4CD9-B184-76752806E02E}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{7802B3FF-5F84-4CD9-B184-76752806E02E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7802B3FF-5F84-4CD9-B184-76752806E02E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7802B3FF-5F84-4CD9-B184-76752806E02E}\InprocServer32]
@="C:\\WINDOWS\\system32\\kndgr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2720B9FD-11B7-4BFB-B651-93989BA9B6E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2720B9FD-11B7-4BFB-B651-93989BA9B6E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2720B9FD-11B7-4BFB-B651-93989BA9B6E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2720B9FD-11B7-4BFB-B651-93989BA9B6E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\ulrcntra.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{801C569D-418C-4E51-9FBD-F43B7E54B420}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{801C569D-418C-4E51-9FBD-F43B7E54B420}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{801C569D-418C-4E51-9FBD-F43B7E54B420}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{801C569D-418C-4E51-9FBD-F43B7E54B420}\InprocServer32]
@="C:\\WINDOWS\\system32\\dpuiext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECDB93B8-DA65-4EA8-A092-1A26B6A8B4B0}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{ECDB93B8-DA65-4EA8-A092-1A26B6A8B4B0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECDB93B8-DA65-4EA8-A092-1A26B6A8B4B0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECDB93B8-DA65-4EA8-A092-1A26B6A8B4B0}\InprocServer32]
@="C:\\WINDOWS\\system32\\rtnd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{480922D0-580C-4F09-9ECE-905E82025D9F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{480922D0-580C-4F09-9ECE-905E82025D9F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{480922D0-580C-4F09-9ECE-905E82025D9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{480922D0-580C-4F09-9ECE-905E82025D9F}\InprocServer32]
@="C:\\WINDOWS\\system32\\nroglnt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 207C-02AF

Directory di C:\WINDOWS\System32

06/02/2006 12.24 234.623 lv4u09h9e.dll
06/02/2006 11.58 235.310 jt8607lse.dll
04/02/2006 13.41 <DIR> dllcache
16/12/2005 19.00 <DIR> Microsoft
2 File 469.933 byte
2 Directory 1.450.643.456 byte disponibili
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi lucas/s » 06/02/06 14:45

se non mi spieghi i problemi che incontri è difficile per me aiutarti,il log non è completo ma poco importa,dati che quello che mi interessava vedere si vede.
Apri la cartella l2mfix
Doppio click sul file l2mfix.bat
Ti si apre la finestra prompt
Digita 2 dove prima avevi digitato 1
Invio
Probabilmente il desktop e le icone scompariranno è normale
Nella finestra dos vedrai "press any key to reboot" a questo punto premi un tasto qualsiasi per riavviare il pc
Dopo il riavvio si aprirà il block notes,per piacere posta il contenuto del block notes e un log aggiornato di Hijackthis
ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Marco5003 » 06/02/06 19:22

Il problema è che ogni pochi secondi, il pc mi apre pagine di explorer a caso! (Con roba da installare a pagamento ecc)
Ho schiacciato 2 e poi ho premuto invio.. Ma mi ha scritto:
This fix will reboot automatically.
Password will be entered automatically.
Do not press any keys till instructed too.
Immettere la password per L2MFIX:

Ma subito dovo aver dato l'invio dopo aver digitato 2 mi ha scritto:
C:\WINDOWS\System32\cmd.exe
config.nt. Il file di sistema non è adatto all'esecuzione di applicazioni DOS e Microsoft Windows. Scegliere "Chiudi" per terminare l'applicazione.
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi lucas/s » 06/02/06 19:46

si ho capito il problema,ti manca un file per la corretta esecuzione del tool,nessun problema,scarica il file in base al tuo sistema operativo

Xp Home Edition
http://homepage.ntlworld.com/spencer.gr ... eFiles.exe
Xp Professional
http://homepage.ntlworld.com/spencer.gr ... ofiles.exe
Scarica il file secondo il tuo sistema operativo,eseguilo e sistemerà il tutto
Riavvia il pc e risegui le istruzioni con l'opzione 2
Fammi sapere se incontri ancora problemi ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Marco5003 » 06/02/06 21:07

Il pc si è riavviato, ma non mi ha aperto il blocconote...

Logfile of HijackThis v1.99.1
Scan saved at 21.06.58, on 06/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Marco\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: plus.net
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\hrl4053qe.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\hrrq0595e.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi lucas/s » 06/02/06 21:22

nessun problema,dal log si vede che ha fatto il suo lavoro,il log lo trovi nella sua cartella se propio vuoi postarlo ma non c'è ne bisogno

con hijackthis elimina:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O1 - Hosts: plus.net

O4 - HKLM\..\Run: [DRam prosessor] plscd.exe

O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe

O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\hrl4053qe.dll (file missing)

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\hrrq0595e.dll (file missing)

Elimina questi files se presenti
C:\WINDOWS\system32\plscd.exe
C:\WINDOWS\plscd.exe
Esegui una scansione con Ewido

Marco se non aggiorni il sistema e installi un firewall,possiamo star qui anche un anno ma il risultato è sempre quello,nel giro di 1 giorno ti sei reinfettato con 1 worm che sfrutta falle di windows pachate
ciao

PS:
Windows Update
Service Pack 2
Service Pack 1

firewall free
SYGATE(Inglese)
KERIO(Italiano)
ZONA ALLARM(Inglese)
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Marco5003 » 06/02/06 21:53

Sei un genio!!!! :) :) :P :P
Non ho più virus! Ora installo ciò che vuoi ma veramente grazie tantissime!
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi lucas/s » 06/02/06 22:02

di niente capirai ;) installa il service pack2 e il firewall e stai diciamo apposto,se vuoi per maggior sicurezza effettua una scansione on-line
http://www.pandasoftware.com/activescan ... ncipal.htm
salva il rapporto di fine scansione se viene rilevato qualcosa e postalo grazie

PS:Hai 200 antivirus installati lasciane 2 attivo
Ewido va bene
Lascia AVG attivo in memoria
Disinstalla quello schifo di VirIt :D
Kaspersky se è la trial disinstallalo,se l'ha pagata tieni attivo kaspersy e disinstalla AVG
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Marco5003 » 07/02/06 19:17

Il link del panda non mi va...
Cmq ho installato Zone Allarm e il service pack 2 mi da un errore quando provo a installarlo...
Ma per il resto il pc va benissimo! Grazie ancora !
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi lucas/s » 07/02/06 19:46

A me funziona il link,che problemi hai nell'installazione del service pack2?
ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi fabrizius » 07/02/06 19:55

volendo..almeno prima,il cd del sp2 potevi fartelo spedire gratuitamente a casa tua....ma preciso che ora non so se lo fanno ancora...
basta poco se vuoi saperlo comunque ;)
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi Luke57 » 07/02/06 19:55

Complimenti Lucas :) , sei stato proprio bravo. Per immunizzare Marco avevamo provato a lungo sia io che Alexsandra, ma mi sa che il nostro lavoro aveva solo rinforzato quelle bestiacce!!
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Marco5003 » 09/02/06 15:02

Non mi va propio il link!
Marco5003
Utente Junior
 
Post: 49
Iscritto il: 26/01/06 18:34

Postdi Alexsandra » 14/02/06 21:44

@lucas/s
Mi unisco a Luke57,complimenti hai fatto proprio un ottimo lavoro
- Il primo fondamento della sicurezza non e' la tecnologia, ma l'attitudine mentale.

Win7 + Office 2003 Ita
Avatar utente
Alexsandra
Utente Senior
 
Post: 2358
Iscritto il: 09/01/06 20:31

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "Virus, trojan roba che non riesco propio a rimuovere...":


Chi c’è in linea

Visitano il forum: Nessuno e 69 ospiti