
VIRUSES THAT COME BACK EVERY DAY

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by monoscopio » 30/10/06 21:01

Hi everyone!
For a while now a couple of viruses have been showing up every day, which my antivirus naturally removes.

I would like to understand whether I have something on the computer that recreates them.

I'm sending you the log.

Thanks for your attention

Logfile of HijackThis v1.99.1
Scan saved at 20.43.23, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\IO\Menu Avvio\Programmi\Esecuzione automatica\qciv.exe
E:\gg\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\IO\10242071.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {f250d521-225d-4d6b-8829-e064f944e180} - C:\WINDOWS\system32\baaa.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: qciv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBA7CB9-631D-4F7C-8112-FFD99A8B5841}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5CC06F-E955-4785-B18F-89DD2A331BA0}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
monoscopio
Junior User

Posts: 65
Joined: 12/01/06 22:25


Post by Smjert » 30/10/06 22:52

Hi,

Start HijackThis, press Do a system scan only, check these entries and then press Fix Checked:

O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\IO\10242071.dll
O2 - BHO: (no name) - {f250d521-225d-4d6b-8829-e064f944e180} - C:\WINDOWS\system32\baaa.dll


C:\Documents and Settings\IO\10242071.dll
Take this file and upload it to this site http://www.virustotal.com (click Browse at the top, select the file and then click Send, wait for your file to be analysed by the various antivirus engines and then copy the result into a txt file).
Do the same with C:\WINDOWS\system32\baaa.dll

(It looks like you have LinkOptimizer, but I want to be sure of it)

Post the two results.
Smjert
Junior User

Posts: 75
Joined: 22/10/06 14:29

Post by BilloKenobi » 01/11/06 11:30

the first should be related to a clicker, the second definitely to LinkOptimizer... it's already something that HJT can even be used.. lately, when the two were present together, they could cause it to lock up
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User

Posts: 348
Joined: 08/07/06 11:05

Post by monoscopio » 01/11/06 14:28

I'm replying now because the forum was down the other day.

I followed the instructions to the letter and post the results below:

Fingers crossed!

Complete scanning result of "baaa.dll", received in VirusTotal at 11.01.2006, 14:03:47 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Drop.Agent.NL.7
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 Win32:Gromoz
AVG 386 11.01.2006 Generic2.GAI
BitDefender 7.2 11.01.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 Win32/SillyDL.0ml!DLL!Trojan
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 11.01.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 Trojan-Clicker.Win32.Small.mf
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1847 11.01.2006 Win32/Gromoz.L
Norman 5.80.02 11.01.2006 no virus found
Panda 9.0.0.4 11.01.2006 Dialer.IGW
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 Trojan.Win32.Gromoz.L
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 12288 bytes
MD5: 92bfd102646fa1b7da753ed41e833095
SHA1: aaf36d1445fb5b01a03879dde8e96ffd01146cd3
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Complete scanning result of "10242071.dll", received in VirusTotal at 11.01.2006, 13:57:50 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Click.Agent.HZ.16
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 Clicker.DHP
BitDefender 7.2 11.01.2006 Trojan.Clicker.Agent.HZ
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 Trojan.Click.1564
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 11.01.2006 Hijacker.Agent.hz
Fortinet 2.82.0.0 11.01.2006 Adware/Agent
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 Trojan-Clicker.Win32.Agent.hz
Kaspersky 4.0.2.24 11.01.2006 Trojan-Clicker.Win32.Agent.hz
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1847 11.01.2006 Win32/TrojanClicker.Agent.HZ
Norman 5.80.02 11.01.2006 W32/Agent.AODD
Panda 9.0.0.4 11.01.2006 Adware/GoodSearchNow
Sophos 4.10.0 10.26.2006 Troj/Agent-DMT
TheHacker 6.0.1.109 10.30.2006 Trojan/Clicker.Agent.hz
UNA 1.83 10.31.2006 TrojanClicker.Win32.Agent.2F4B
VBA32 3.11.1 10.31.2006 Trojan-Clicker.Win32.Agent.hz
VirusBuster 4.3.15:9 10.31.2006 no virus found
Aditional Information
File size: 118784 bytes
MD5: 482a73ef74187a030343e803444209f7
SHA1: 2616ad6b712adf1886992082aa41f31549fb868a


I'm browsing with Firefox because Explorer keeps crashing; with these changes I hope the problem is solved.

I'm also posting the new log:

Logfile of HijackThis v1.99.1
Scan saved at 14.26.58, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\IO\Menu Avvio\Programmi\Esecuzione automatica\qciv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\IO\Documenti\hijak this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: qciv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBA7CB9-631D-4F7C-8112-FFD99A8B5841}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5CC06F-E955-4785-B18F-89DD2A331BA0}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


---------------------------------------


Thanks for your attention
monoscopio
Junior User

Posts: 65
Joined: 12/01/06 22:25

Post by Luke57 » 01/11/06 15:35

Hi, open HijackThis with all applications closed, press "Open the Misc Tools section", then "Open process manager", find and highlight the process:
C:\Documents and Settings\IO\Menu Avvio\Programmi\Esecuzione automatica\qciv.exe

Press Kill process

Go back to the main page with Back, press "Scan", find and check the following entries:
O4 - Startup: qciv.exe

press Fix checked.

Look for and delete the file, if it's there:
C:\Documents and Settings\IO\Menu Avvio\Programmi\Esecuzione automatica\qciv.exe
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by monoscopio » 01/11/06 16:22

ok done

the file in
C:\Documents and Settings\IO\Menu Avvio\Programmi\Esecuzione automatica\qciv.exe

was no longer there.

thanks Luke57

I'm sending the log anyway:
Logfile of HijackThis v1.99.1
Scan saved at 16.20.51, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\TEMP\ntxx1.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\IO\Documenti\hijak this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Class - {B60578B7-B3B8-008C-5430-02303C122A99} - C:\WINDOWS\nmyfg1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [ntxx1.exe] C:\WINDOWS\TEMP\ntxx1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBA7CB9-631D-4F7C-8112-FFD99A8B5841}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5CC06F-E955-4785-B18F-89DD2A331BA0}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
:-?
monoscopio
Junior User

Posts: 65
Joined: 12/01/06 22:25

Post by Luke57 » 01/11/06 16:49

Hi, now it's clear that you're infected with LinkOptimizer.
Try using these tools from here:
http://www.pc-facile.com/forum/viewtopic.php?t=49816
temporarily disable your antivirus.
The Prevx one makes the computer restart and, at the end of the scan, leaves the report in C:\Gromozon_Removal.log.
If you can't manage to run it, rename it with a random name before launching the scan, obviously keeping the .exe extension.
Run the Symantec one in Safe Mode; it also leaves a report in the same folder where you placed the file.
Post both reports and let us know about any problems.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
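As an added example (not code from this thread, from HijackThis or from any of the tools named here), the following Python script parses HijackThis entries in the format posted above and flags the traits the helpers acted on: a "(file missing)" reference, a BHO without a meaningful name, a binary in a TEMP directory or directly in the user profile root, and an entry in the user's Startup folder. The sample lines are copied from the logs in this thread; the rule set and every function and constant name are my own, and the heuristics are a triage aid, not a verdict.

```python
import re

# Constructed sample input: entries copied from the HijackThis logs posted in this
# thread (first and later scans), plus benign ones so the rules have something to pass.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\IO\10242071.dll
O2 - BHO: (no name) - {f250d521-225d-4d6b-8829-e064f944e180} - C:\WINDOWS\system32\baaa.dll
O2 - BHO: Class - {B60578B7-B3B8-008C-5430-02303C122A99} - C:\WINDOWS\nmyfg1.dll (file missing)
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ntxx1.exe] C:\WINDOWS\TEMP\ntxx1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: qciv.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
"""

# A file sitting directly in the profile root (the 10242071.dll case) or under a TEMP
# directory (the ntxx1.exe case) is unusual for a legitimate BHO, service or Run entry.
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
# First drive-letter path ending in an executable extension, quoted or not.
FILE_RE = re.compile(r'"?([a-z]:\\.*?\.(?:exe|dll|com|scr))', re.I)


def parse_entry(line):
    """Split one HijackThis line into section (O2, O4, ...), kind, name, path, missing."""
    section, _, body = line.partition(" - ")
    kind, _, rest = body.partition(": ")
    entry = {"section": section, "kind": kind, "name": "", "path": "", "missing": False}
    if rest.endswith("(file missing)"):
        entry["missing"] = True
        rest = rest[: -len("(file missing)")].strip()
    if kind in ("BHO", "Toolbar", "Service", "Protocol"):
        # "<name> - {CLSID} - <path>"  or  "<name> - <company> - <path>"
        parts = rest.split(" - ")
        entry["name"] = parts[0].strip()
        entry["path"] = parts[-1].strip().strip('"')
    elif kind in ("Startup", "Global Startup"):
        # "file.exe" for the user folder, "X.lnk = <path>" for the global one
        entry["name"] = rest
        entry["path"] = rest.split(" = ", 1)[-1]
    elif kind.endswith("Run"):
        m = re.match(r"\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)", rest)
        if m:
            entry["name"] = m.group("label")
            f = FILE_RE.match(m.group("cmd"))
            entry["path"] = f.group(1) if f else m.group("cmd")
    return entry


def triage(entry):
    """Return the reasons an entry deserves a look; an empty list means nothing noted."""
    reasons = []
    if entry["missing"]:
        reasons.append("references a file that no longer exists (leftover of a removed component)")
    if entry["kind"] == "BHO" and entry["name"] in ("(no name)", "Class", ""):
        reasons.append("BHO registered without a meaningful name")
    if entry["kind"] == "Startup":
        reasons.append("runs from the user's Startup folder")
    if TEMP_DIR.search(entry["path"]):
        reasons.append("loaded from a TEMP directory")
    if PROFILE_ROOT.match(entry["path"]):
        reasons.append("binary dropped directly in the user profile root")
    return reasons


def triage_log(text):
    """Map each flagged HJT line to its reasons; lines with no findings are omitted."""
    findings = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or not re.match(r"[RFO]\d+ - ", line):
            continue
        reasons = triage(parse_entry(line))
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, six of the ten entries are reported and the four vendor-installed ones pass; a flagged line still needs the check the thread itself used (submit the file to VirusTotal) before deciding anything.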

Post by monoscopio » 01/11/06 17:15

hi luke, I went to http://www.pc-facile.com/forum/viewtopic.php?t=49816

but when I click:

http://www.prevx.com/gromozon.asp

and:

http://smallbiz.symantec.com/security_r ... 16-4153-99

Explorer can't find a match, i.e. it tells me page not found; Firefox the same thing.
monoscopio
Junior User

Posts: 65
Joined: 12/01/06 22:25

Post by BilloKenobi » 01/11/06 17:21

try these two links

prevx tool --- http://www.mytempdir.com/1012500

symantec tool --- http://www.mytempdir.com/1010789

if the tools don't work, try renaming them with random names, like gatto.exe. for the rest the procedures are the same as luke57's
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User

Posts: 348
Joined: 08/07/06 11:05

Post by monoscopio » 01/11/06 18:24

hi guys, thanks for your attention, I did as BilloKenobi suggested and downloaded the gromozon tool, I ran it and it found the file nmyfg1.dll in C:\windows and deleted it, then I ran it again and it found everything ok; I then managed to reach the pages I couldn't see before by opening them from their respective links

http://www.prevx.com/gromozon.asp

http://smallbiz.symantec.com/security_r ... 16-4153-99
but now I wanted to run the Symantec tool, but the computer won't go into Safe Mode.

anyway the latest gromozon report is:

Gromozon rootkit component not detected - searching for other components
Scanning: C:\Programmi\File comuni
Scanning Windows Directory...
Scanning Temporary files...
Trojan.Gromozon does not exist on the system.

Scan finished normally
For a detailed log, please refer to \gromozon_removal.log

and I'm also posting the latest hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 18.22.47, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\TEMP\ntxx1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\IO\Documenti\hijak this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Class - {B60578B7-B3B8-008C-5430-02303C122A99} - C:\WINDOWS\nmyfg1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [ntxx1.exe] C:\WINDOWS\TEMP\ntxx1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBA7CB9-631D-4F7C-8112-FFD99A8B5841}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5CC06F-E955-4785-B18F-89DD2A331BA0}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

thanks
monoscopio
Junior User

Posts: 65
Joined: 12/01/06 22:25

Post by BilloKenobi » 01/11/06 21:27

more than the last one, we were interested in the first one ;)

now download gmer

http://www.gmer.net/files.php

extract it, run it and then do a scan of the autostart tab, then paste the log here... :)
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User

Posts: 348
Joined: 08/07/06 11:05

Post by monoscopio » 01/11/06 22:36

here I am again,
posting the gmer log:

GMER 1.0.12.11867 - http://www.gmer.net
Autostart scan 2006-11-01 22:33:47
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ANIWZCSdService /*ANIWZCSd Service*/@ = C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
CAISafe /*CAISafe*/@ = C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
InCDsrv /*InCD Helper*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvJhh /*SrvJhh*/@ = "C:\Programmi\File comuni\Services\rtj.exe" /*file not found*/
VETMSGNT /*VET Message Service*/@ = C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EPSON Stylus C66 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@InCDC:\Programmi\Ahead\InCD\InCD.exe = C:\Programmi\Ahead\InCD\InCD.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@D-Link AirPlus XtremeGC:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe = C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
@ANIWZCS2ServiceC:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe = C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
@cctray"C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe" = "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
@CAVRID"C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" = "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
@ntxx1.exeC:\WINDOWS\TEMP\ntxx1.exe = C:\WINDOWS\TEMP\ntxx1.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{1E2CDF40-419B-11D2-A5A1-002018648BA7} /*AVG Shell Extension*/(null) =
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Programmi\Ahead\InCD\incdshx.dll = C:\Programmi\Ahead\InCD\incdshx.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{1CE2AA40-1317-11D3-9922-00104B0AD431} /*CA_AntiVirus*/C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll = C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll
@{B60578B7-B3B8-008C-5430-02303C122A99}C:\WINDOWS\nmyfg1.dll /*file not found*/ = C:\WINDOWS\nmyfg1.dll /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.12 ----

:mmmh:
monoscopio
Junior Member
Posts: 65
Joined: 12/01/06 22:25

Post by monoscopio » 01/11/06 22:43

Sorry, the log looks too long to me, maybe I repeated it several times.... :mmmh:
monoscopio
Junior Member
Posts: 65
Joined: 12/01/06 22:25

Post by BilloKenobi » 01/11/06 23:02

You managed to stick it in four times, I think... maybe andorra can trim the excess logs. :D

Anyway, disable the antivirus, the firewall and any HIPS modules.

Now download The Avenger

The Avenger --- http://swandog46.geekstogo.com/avenger.zip

Now extract and run Avenger.exe

Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60578B7-B3B8-008C-5430-02303C122A99}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ntxx1.exe

Files to delete:
C:\Programmi\File comuni\Services\rtj.exe
C:\WINDOWS\TEMP\ntxx1.exe
C:\WINDOWS\service32.exe
C:\WINDOWS\nmyfg1.dll


Click the Done button
Click the green traffic-light icon twice
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually


The program produces a log of the operations it performed.

Post the Avenger log (found in C:/avenger.txt) with the result of the script.

that should be everything. check in C:\Windows for the presence of any of these files:

syst32.dll
syshost.dll
mdm32.dll
winsmgr32.dll
iexplore32.dll
scrss32.dll
spoolsv32.dll

and delete it if present... be very careful
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
 
Posts: 348
Joined: 08/07/06 11:05

Post by monoscopio » 02/11/06 00:06

here I am, let's hope we make it,
in the meantime I had downloaded VirIT and scanned the PC, here's the result:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
01/11/2006 - 22:54:36

[SCANSIONE DEL REGISTRO]
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\IO\Documenti\hijak this\backups\backup-20061101-141925-259.dll Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\IO\Documenti\hijak this\backups\backup-20061101-141925-404.dll Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
C:\Documents and Settings\IO\Documenti\hijak this\backups\backup-20061101-160127-644-qciv.exe Infetto da Trojan.Win32.Agent.AFV
* * * RIMOSSO * * *
C:\Documents and Settings\IO\Impostazioni locali\Temporary Internet Files\Content.IE5\IHWBEDE1\d[1].gif Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\IO\Impostazioni locali\Temporary Internet Files\Content.IE5\J2GB398D\d[1].gif Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\WINDOWS\system32\baaa.dll Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\WINDOWS\Temp\ntxx1.exe Infetto da Trojan.Win32.Agent.ADM
* * * RIMOSSO * * *

Chiavi Registro infette: 1.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 51436.
Files Totali: 51436.
Chiavi Registro rimosse: 1.
Virus Rimossi: 7.


....

this is the Avenger result:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\luguwknt

*******************

Script file located at: \??\C:\xnokljno.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh deleted successfully.


File C:\Programmi\File comuni\Services\rtj.exe not found!
Deletion of file C:\Programmi\File comuni\Services\rtj.exe failed!

Could not process line:
C:\Programmi\File comuni\Services\rtj.exe
Status: 0xc0000034



File C:\WINDOWS\TEMP\ntxx1.exe not found!
Deletion of file C:\WINDOWS\TEMP\ntxx1.exe failed!

Could not process line:
C:\WINDOWS\TEMP\ntxx1.exe
Status: 0xc0000034



File C:\WINDOWS\service32.exe not found!
Deletion of file C:\WINDOWS\service32.exe failed!

Could not process line:
C:\WINDOWS\service32.exe
Status: 0xc0000034



File C:\WINDOWS\nmyfg1.dll not found!
Deletion of file C:\WINDOWS\nmyfg1.dll failed!

Could not process line:
C:\WINDOWS\nmyfg1.dll
Status: 0xc0000034



Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60578B7-B3B8-008C-5430-02303C122A99} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ntxx1.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ygiyruhy

*******************

Script file located at: \??\C:\WINDOWS\system32\lberrgrl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh
Status: 0xc0000034



File C:\Programmi\File comuni\Services\rtj.exe not found!
Deletion of file C:\Programmi\File comuni\Services\rtj.exe failed!

Could not process line:
C:\Programmi\File comuni\Services\rtj.exe
Status: 0xc0000034



File C:\WINDOWS\TEMP\ntxx1.exe not found!
Deletion of file C:\WINDOWS\TEMP\ntxx1.exe failed!

Could not process line:
C:\WINDOWS\TEMP\ntxx1.exe
Status: 0xc0000034



File C:\WINDOWS\service32.exe not found!
Deletion of file C:\WINDOWS\service32.exe failed!

Could not process line:
C:\WINDOWS\service32.exe
Status: 0xc0000034



File C:\WINDOWS\nmyfg1.dll not found!
Deletion of file C:\WINDOWS\nmyfg1.dll failed!

Could not process line:
C:\WINDOWS\nmyfg1.dll
Status: 0xc0000034



Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60578B7-B3B8-008C-5430-02303C122A99} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60578B7-B3B8-008C-5430-02303C122A99} failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1 failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ntxx1.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ntxx1.exe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


I don't see the files you told me to check for in Windows,

let's hope for the best. :-?
monoscopio
Junior Member
 
Posts: 65
Joined: 12/01/06 22:25
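Reading the two Avenger runs above by hand is tedious, so here is an added Python helper (not part of the thread and not code from The Avenger) that summarises which script lines succeeded and which failed, and maps the NTSTATUS value 0xc0000034 that every failure reports to its name, STATUS_OBJECT_NAME_NOT_FOUND. It runs on a constructed excerpt modelled on the posted log; `only_not_found` answers the question the second run raises, namely whether the failures only mean the targets were already gone.

```python
import re

# Constructed excerpt modelled on the log posted in the thread (not the original file).
SAMPLE_LOG = r"""
Beginning to process script file:
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvJhh deleted successfully.

File C:\WINDOWS\TEMP\ntxx1.exe not found!
Deletion of file C:\WINDOWS\TEMP\ntxx1.exe failed!

Could not process line:
C:\WINDOWS\TEMP\ntxx1.exe
Status: 0xc0000034

Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ntxx1.exe deleted successfully.

Completed script processing.
"""

# NTSTATUS values Avenger echoes after a failed action; only this one occurs in the thread.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

OK_RE = re.compile(r"^(Registry key|Registry value|File) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^(?:Deletion|Replacement with dummy) of (registry key|registry value|file) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")

def parse_avenger_log(text):
    """Return {'ok': [...], 'failed': [...]}; each entry records kind, target and (if failed) status."""
    result = {"ok": [], "failed": []}
    pending = None  # the failure still waiting for its 'Status:' line
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            result["ok"].append({"kind": m.group(1).lower(), "target": m.group(2)})
        elif m := FAIL_RE.match(line):
            pending = {"kind": m.group(1), "target": m.group(2), "status": "unknown"}
            result["failed"].append(pending)
        elif pending and (m := STATUS_RE.match(line)):
            # Translate the hex NTSTATUS to a name; keep the raw code if it is not in the table.
            pending["status"] = NTSTATUS.get(int(m.group(1), 16), m.group(1))
            pending = None
    return result

def only_not_found(result):
    """True when every failure is 'object not found', i.e. the target was already gone."""
    return all(f["status"] == "STATUS_OBJECT_NAME_NOT_FOUND" for f in result["failed"])
```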

Post by BilloKenobi » 02/11/06 00:14

it should all be ok now. how is it going?
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
 
Posts: 348
Joined: 08/07/06 11:05

Post by monoscopio » 02/11/06 00:15

it's late now and I'm shutting down, I don't know if everything is fine, but at first sight it's better than before.

but I tried to start it in safe mode, and there's no way, it tells me to start it in normal mode.

thanks for the time you gave me and for the info, tomorrow we'll see if there are problems. :mmmh:
monoscopio
Junior Member
 
Posts: 65
Joined: 12/01/06 22:25

Post by monoscopio » 03/11/06 20:32

I've been working on the computer.. it seems fine.
The only thing I don't understand is why I can't get into safe mode.
Pressing F8 at startup gives me the option, I press Enter, but then the screen that sends me back to normal mode reappears.

Do you know if I can do anything about this hitch?

Thanks again!!!
monoscopio
Junior Member
 
Posts: 65
Joined: 12/01/06 22:25

Post by BilloKenobi » 03/11/06 20:51

I give up... :undecided: ask Luke57... it's not even the first time I've heard of it, but I couldn't tell you... I know LinkOptimizer changes some parameters to install itself, but I don't think it depends on that :oops:
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
 
Posts: 348
Joined: 08/07/06 11:05

Post by Smjert » 03/11/06 20:55

Maybe I misunderstood.... but do you do exactly what you said?

Sorry, I don't mean to doubt you.. but if you do exactly what you said you do, it's right that it goes back to Normal Mode, since once you've pressed F8 you have to choose the Safe Mode entry in the list, whereas if you don't move anything it stays on Start Windows Normally.
Smjert
Junior Member
 
Posts: 75
Joined: 22/10/06 14:29
