Lento,lento,lentissimo!

[rimini81]

Ciao a tutti,in questi giorni ho un bel problema nel PC.
Ho cercato nei vari post problemio uguali al mio e ne ho trovati diversi ma ho pensato di pubblicare il log perchè sono convinto che ogni PC abbia un problema a sè :-)
Lel mio task manager il file "svchost.exe" ha un valore abbastanza elevato così come il "ServiceLayer.exe" che occupa occupa fino a 71 KB

Spero qualcuno di voi mi possa aiutare,GRAZIE MILLE!

Logfile of HijackThis v1.99.1
Scan saved at 12.39.32, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Temp\bext1.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Mattia\IMPOST~1\Temp\Rar$EX00.891\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {73E67B63-964B-52F7-5C88-EC0512910BDF} - C:\WINDOWS\jxvyt1.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bext1.exe] C:\WINDOWS\Temp\bext1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5032501093
O17 - HKLM\System\CCS\Services\Tcpip\..\{2841E064-D499-4024-B7BC-14E6E534C951}: NameServer = 85.37.17.47 85.38.28.82
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

[Luke57]

Ciao, vai in questa discussione:
http://www.wininizio.it/forum/index.php?showtopic=46304
scarica bitdefendr antirootkit suggerito da Kuma.

Lo scompatti (dovrai utilizzare winrar) e fai una scansione. Annota ciò che trova e fammelo sapere.
Se non trova niente, scarica Gmer da qui:
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.

[rimini81]

CIAO E GRAZIE INTANTO,SPERO DI AVERE FATTO TUTTO COME DICI TU:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-22 12:44:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwClose
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8AD685A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8AD685A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8AD685A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8AD685A] avgtdi.sys
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\Temp\bext1.exe (*** hidden *** ) @ C:\WINDOWS\Temp\bext1.exe [3720] 0x00400000 <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----




GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-22 12:44:53
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt6.rsn

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SecKnk /*SecKnk*/@ = "C:\Programmi\File comuni\Microsoft Shared\nus.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@bext1.exeC:\WINDOWS\Temp\bext1.exe /*file not found*/ = C:\WINDOWS\Temp\bext1.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*SnagIt*/C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll = C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{73E67B63-964B-52F7-5C88-EC0512910BDF}C:\WINDOWS\jxvyt1.dll /*file not found*/ = C:\WINDOWS\jxvyt1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ig?hl=it = http://www.google.it/ig?hl=it
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----

[Luke57]

Ciao di nuovo, esegui in ordine queste procedure:

1) Start>esegui>control userpasswords2 (lo scrivi nello spazio bianco)>OK

2)Nella finestra Account utente, dovresti avere un'utenza sospetta con nome casuale (oltre le consuete Administrators e Utente, Aspnet), tipo XYZFG. Segnati il nome dell'utenza ed eliminala (click con il destro e scegli elimina);

3) Rendi visibili file e cartelle nascosti:

da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK
Vai in C:\Documents and Settings, dovresti trovare una cartella con lo stesso nome dell'utenza, elimina anch'essa

4)Svuota il cestino


5) scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ bext1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73E67B63-964B-52F7-5C88-EC0512910BDF}

Files to delete:
C:\WINDOWS\Temp\bext1.exe
C:\WINDOWS\system32\lpt6.rsn
C:\Programmi\File comuni\Microsoft Shared\nus.exe
C:\WINDOWS\jxvyt1.dll


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.

5) Controlla se in C:\Programmi o C:\Programmi\file comuni o C:\programmi\file comuni\microsoft shared sono presenti file con estensione .exe di colore verde; se sì fammelo sapere



6)Con hijackthis, premi do a system scan only”, cerchi e spunti (se ci sono sempre):
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {73E67B63-964B-52F7-5C88-EC0512910BDF} - C:\WINDOWS\jxvyt1.dll (file missing)
O4 - HKLM\..\Run: [bext1.exe] C:\WINDOWS\Temp\bext1.exe

Premi fix checked

7) Ancora con hiajackthis, lo chiudi e lo riapri, premi Open the misc tools section, poi clicca su Open Ads Spy... togli il segno di spunta a Quick Scan. Se trovi il file
C:\WINDOWS\system32\lpt6.rsn
selezionalo mettendo un segno di spunta nella casella accanto alla voce e premi Remove selected

[rimini81]

Cioa ancora,questo è il log che mi chiedevi:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


Error: could not initiate system shutdown.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\koqpcdoi

*******************

Script file located at: \??\C:\ydwnwdkc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk
Status: 0xc0000034



File C:\WINDOWS\Temp\bext1.exe not found!
Deletion of file C:\WINDOWS\Temp\bext1.exe failed!

Could not process line:
C:\WINDOWS\Temp\bext1.exe
Status: 0xc0000034

File C:\WINDOWS\system32\lpt6.rsn deleted successfully.
File C:\Programmi\File comuni\Microsoft Shared\nus.exe deleted successfully.


File C:\WINDOWS\jxvyt1.dll not found!
Deletion of file C:\WINDOWS\jxvyt1.dll failed!

Could not process line:
C:\WINDOWS\jxvyt1.dll
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ bext1.exe not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ bext1.exe failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73E67B63-964B-52F7-5C88-EC0512910BDF} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\smlatfto

*******************

Script file located at: \??\C:\WINDOWS\p^gyqjmf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ SecKnk
Status: 0xc0000034



File C:\WINDOWS\Temp\bext1.exe not found!
Deletion of file C:\WINDOWS\Temp\bext1.exe failed!

Could not process line:
C:\WINDOWS\Temp\bext1.exe
Status: 0xc0000034



File C:\WINDOWS\system32\lpt6.rsn not found!
Deletion of file C:\WINDOWS\system32\lpt6.rsn failed!

Could not process line:
C:\WINDOWS\system32\lpt6.rsn
Status: 0xc0000034



File C:\Programmi\File comuni\Microsoft Shared\nus.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\nus.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\nus.exe
Status: 0xc0000034



File C:\WINDOWS\jxvyt1.dll not found!
Deletion of file C:\WINDOWS\jxvyt1.dll failed!

Could not process line:
C:\WINDOWS\jxvyt1.dll
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ bext1.exe not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ bext1.exe failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73E67B63-964B-52F7-5C88-EC0512910BDF} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73E67B63-964B-52F7-5C88-EC0512910BDF} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Ho seguito alla lettera solo che in C:\Documents and Settings nn ho trovato la cartella con il nome che avevo trovato in control userpasswords2 .


In C:\programmi\file comuni\microsoft shared sono presenti più di 40 file EXE "verdi"


Non ho trovato il file C:\WINDOWS\system32\lpt6.rsn

[Luke57]

Ciao, utilizza ancora Avenger.

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte suddette (con le integrazioni che dovrai apportare):

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SecKnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\bext1.exe

Files to delete:
C:\Programmi\File Comuni\Microsoft Shared\nome.exe
C:\Programmi\File Comuni\Microsoft Shared[/b]\nome1.exe
cioè scriverai uno sotto all'altro il percorso e nome di tutti i file verdi trovati nella cartella.

Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.


Posta nuovo script di Avenger al riavvio.

[rimini81]

Ciao,spero di avere fatto tutto bene


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hejhppgr

*******************

Script file located at: \??\C:\Documents and Settings\jcqyuvfh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SecKnk deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\aaz.exe deleted successfully.


Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\AgR.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\AgR.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\AgR.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\babnj.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\babnj.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\babnj.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\bEIrC.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\bEIrC.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\bEIrC.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\BNF.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\BNF.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\BNF.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\BuJ.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\BuJ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\BuJ.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\CaU.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\CaU.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\CaU.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\CXa.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\CXa.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\CXa.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\dvr.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\dvr.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\dvr.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\dYsibA.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\dYsibA.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\dYsibA.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\evI.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\evI.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\evI.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\ffy.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\ffy.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\ffy.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\fqS.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\fqS.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\fqS.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\fZo.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\fZo.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\fZo.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\glK.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\glK.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\glK.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\GnG.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\GnG.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\GnG.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\GNud.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\GNud.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\GNud.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\GSprTy.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\GSprTy.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\GSprTy.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\GUm.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\GUm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\GUm.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\HUg.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\HUg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\HUg.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\ilMne.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\ilMne.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\ilMne.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\KFNW.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\KFNW.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\KFNW.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\mbx.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\mbx.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\mbx.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\mJC.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\mJC.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\mJC.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\MQt.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\MQt.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\MQt.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\PCBUQ.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\PCBUQ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\PCBUQ.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\pvrzvv.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\pvrzvv.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\pvrzvv.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\qGVKm.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\qGVKm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\qGVKm.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\Qnl.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\Qnl.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\Qnl.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\QpkaN.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\QpkaN.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\QpkaN.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\SzR.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\SzR.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\SzR.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\twjwg.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\twjwg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\twjwg.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\uaO.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\uaO.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\uaO.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\unKsm.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\unKsm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\unKsm.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\Vcg.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\Vcg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\Vcg.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\vqWj.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\vqWj.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\vqWj.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\vyc.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\vyc.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\vyc.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\vYV.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\vYV.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\vYV.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\WYmQ.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\WYmQ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\WYmQ.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\xfL.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\xfL.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\xfL.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\xfo.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\xfo.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\xfo.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\XPN.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\XPN.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\XPN.exe
Status: 0xc0000033



Could not open file C:\Programmi\File Comuni\Microsoft Shared[/b]\zsX.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[/b]\zsX.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[/b]\zsX.exe
Status: 0xc0000033

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\bext1.exe not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\bext1.exe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[Luke57]

Ciao, lo script giusto che devi inserire in Avenger è questo:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Files to delete:
C:\Programmi\File Comuni\Microsoft Shared\AgR.exe
C:\Programmi\File Comuni\Microsoft Shared\babnj.exe
C:\Programmi\File Comuni\Microsoft Shared\bEIrC.exe
C:\Programmi\File Comuni\Microsoft Shared\BNF.exe
C:\Programmi\File Comuni\Microsoft Shared\BuJ.exe
C:\Programmi\File Comuni\Microsoft Shared\CaU.exe
C:\Programmi\File Comuni\Microsoft Shared\CXa.exe
C:\Programmi\File Comuni\Microsoft Shared\dvr.exe
C:\Programmi\File Comuni\Microsoft Shared\dYsibA.exe
C:\Programmi\File Comuni\Microsoft Shared\evI.exe
C:\Programmi\File Comuni\Microsoft Shared\ffy.exe
C:\Programmi\File Comuni\Microsoft Shared\fqS.exe
C:\Programmi\File Comuni\Microsoft Shared\fZo.exe
C:\Programmi\File Comuni\Microsoft Shared\glK.exe
C:\Programmi\File Comuni\Microsoft Shared\GnG.exe
C:\Programmi\File Comuni\Microsoft Shared\GNud.exe
C:\Programmi\File Comuni\Microsoft Shared\GSprTy.exe
C:\Programmi\File Comuni\Microsoft Shared\GUm.exe
C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe
C:\Programmi\File Comuni\Microsoft Share\lMne.exe
C:\Programmi\File Comuni\Microsoft Shared\KFNW.exe
C:\Programmi\File Comuni\Microsoft Shared\mbx.exe
C:\Programmi\File Comuni\Microsoft Shared\mJC.exe
C:\Programmi\File Comuni\Microsoft Shared\MQt.exe
C:\Programmi\File Comuni\Microsoft Shared\PCBUQ.exe
C:\Programmi\File Comuni\Microsoft Shared\pvrzvv.exe
C:\Programmi\File Comuni\Microsoft Shared\qGVKm.exe
C:\Programmi\File Comuni\Microsoft Shared\Qnl.exe
C:\Programmi\File Comuni\Microsoft Shared\QpkaN.exe
C:\Programmi\File Comuni\Microsoft Shared\SzR.exe
C:\Programmi\File Comuni\Microsoft Shared\twjwg.exe
C:\Programmi\File Comuni\Microsoft Shared\uaO.exe
C:\Programmi\File Comuni\Microsoft Shared\unKsm.exe
C:\Programmi\File Comuni\Microsoft Shared\Vcg.exe
C:\Programmi\File Comuni\Microsoft Shared\vqWj.exe
C:\Programmi\File Comuni\Microsoft Shared\vyc.exe
C:\Programmi\File Comuni\Microsoft Shared\vYV.exe
C:\Programmi\File Comuni\Microsoft Shared\WYmQ.exe
C:\Programmi\File Comuni\Microsoft Shared\xfL.exe
C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe
C:\Programmi\File Comuni\Microsoft Shared\XPN.exe
C:\Programmi\File Comuni\Microsoft Shared\zsX.exe

[rimini81]

QUESTA VOLTA SPERIAMO DI NON AVERE SBAGLIATO NULLA :-)

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


Error: could not initiate system shutdown.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\essgbihp

*******************

Script file located at: \??\C:\faybucbk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\File Comuni\Microsoft Shared\AgR.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\babnj.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\bEIrC.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\BNF.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\BuJ.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\CaU.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\CXa.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\dvr.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\dYsibA.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\evI.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\ffy.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\fqS.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\fZo.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\glK.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\GnG.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\GNud.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\GSprTy.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\GUm.exe deleted successfully.


Could not open file C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe
Status: 0xc000003a



Could not open file C:\Programmi\File Comuni\Microsoft Share\lMne.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Share\lMne.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Share\lMne.exe
Status: 0xc000003a

File C:\Programmi\File Comuni\Microsoft Shared\KFNW.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\mbx.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\mJC.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\MQt.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\PCBUQ.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\pvrzvv.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\qGVKm.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\Qnl.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\QpkaN.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\SzR.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\twjwg.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\uaO.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\unKsm.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\Vcg.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\vqWj.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\vyc.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\vYV.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\WYmQ.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\xfL.exe deleted successfully.


File C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe
Status: 0xc0000034

File C:\Programmi\File Comuni\Microsoft Shared\XPN.exe deleted successfully.
File C:\Programmi\File Comuni\Microsoft Shared\zsX.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jeagbiyg

*******************

Script file located at: \??\C:\Documents and Settings\ywjielsa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\File Comuni\Microsoft Shared\AgR.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\AgR.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\AgR.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\babnj.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\babnj.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\babnj.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\bEIrC.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\bEIrC.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\bEIrC.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\BNF.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\BNF.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\BNF.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\BuJ.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\BuJ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\BuJ.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\CaU.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\CaU.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\CaU.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\CXa.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\CXa.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\CXa.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\dvr.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\dvr.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\dvr.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\dYsibA.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\dYsibA.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\dYsibA.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\evI.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\evI.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\evI.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\ffy.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\ffy.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\ffy.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\fqS.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\fqS.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\fqS.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\fZo.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\fZo.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\fZo.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\glK.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\glK.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\glK.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\GnG.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\GnG.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\GnG.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\GNud.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\GNud.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\GNud.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\GSprTy.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\GSprTy.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\GSprTy.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\GUm.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\GUm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\GUm.exe
Status: 0xc0000034



Could not open file C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared[\HUg.exe
Status: 0xc000003a



Could not open file C:\Programmi\File Comuni\Microsoft Share\lMne.exe for deletion
Deletion of file C:\Programmi\File Comuni\Microsoft Share\lMne.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Share\lMne.exe
Status: 0xc000003a



File C:\Programmi\File Comuni\Microsoft Shared\KFNW.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\KFNW.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\KFNW.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\mbx.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\mbx.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\mbx.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\mJC.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\mJC.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\mJC.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\MQt.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\MQt.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\MQt.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\PCBUQ.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\PCBUQ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\PCBUQ.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\pvrzvv.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\pvrzvv.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\pvrzvv.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\qGVKm.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\qGVKm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\qGVKm.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\Qnl.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\Qnl.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\Qnl.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\QpkaN.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\QpkaN.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\QpkaN.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\SzR.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\SzR.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\SzR.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\twjwg.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\twjwg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\twjwg.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\uaO.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\uaO.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\uaO.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\unKsm.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\unKsm.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\unKsm.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\Vcg.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\Vcg.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\Vcg.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\vqWj.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\vqWj.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\vqWj.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\vyc.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\vyc.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\vyc.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\vYV.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\vYV.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\vYV.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\WYmQ.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\WYmQ.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\WYmQ.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\xfL.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\xfL.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\xfL.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\xfo.exe exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\XPN.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\XPN.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\XPN.exe
Status: 0xc0000034



File C:\Programmi\File Comuni\Microsoft Shared\zsX.exe not found!
Deletion of file C:\Programmi\File Comuni\Microsoft Shared\zsX.exe failed!

Could not process line:
C:\Programmi\File Comuni\Microsoft Shared\zsX.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

[Luke57]

Ciao, questa volta sono stati eliminati

[rimini81]

Spero di non avere più problemi!
Parlerò benissimo di voi a chi avrà problemi!
GRAZIE DI TUTTO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!