  1. #1
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11

    Problems with unwanted web pages..

    Hi everyone, first of all a greeting and a thank-you to all of you for the service you offer.. and that is only right...
    Let's get to the point.. unfortunately, after launching a little Visual Basic program (which I shouldn't have launched), web pages now open automatically while I browse.. I read a few threads and acted accordingly.. but nothing worked..

    Operating system WinXP Professional Service Pack 1, Internet Explorer 6.0
    Attempted cleanup with the F-Secure antivirus: nothing..
    Attempted cleanup with Spybot: nothing
    Attempted cleanup with CWShredder: nothing
    Attempted cleanup with Xcleaner: nothing
    Attempted cleanup with Spy Sweeper: nothing
    Attempted cleanup with Ad-Aware: nothing
    All programs with up-to-date databases

    At this point I'd post the HijackThis log for you, and the CWShredder one too

    CWShredder LOG

    **** Run Keys ****

    RUN: [LaunchAp] "C:\Programmi\Acer\Launch Manager\LaunchAp.exe"
    RUN: [HotkeyApp] "C:\Programmi\Acer\Launch Manager\HotkeyApp.exe"
    RUN: [KeyHook] "C:\Programmi\Acer\Launch Manager\KeyHook.exe"
    RUN: [CtrlVol] "C:\Programmi\Acer\Launch Manager\CtrlVol.exe"
    RUN: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    RUN: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    RUN: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
    RUN: [Wbutton] "C:\Programmi\Acer\WButton(Win2K) v1.5\Wbutton.exe"
    RUN: [PRPCMonitor] PRPCUI.exe
    RUN: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    RUN: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
    RUN: [wavdriver] "C:\WINDOWS\wavdriver.exe"
    RUN: [avidup] "C:\WINDOWS\avidup.exe"
    RUN: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
    RUN: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0


    **** Browser Helper Objects ****



    **** IE Toolbars ****

    TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx
    TOOLBAR: [&Google] c:\programmi\google\googletoolbar1.dll


    **** IE Extensions ****

    IEExt: [Crea preferiti portatile]
    IEExt: [Crea preferiti portatile]
    IEExt: [ICQ Pro] C:\Programmi\ICQ\ICQ.exe
    IEExt: [@C:\Programmi\Messenger\Msgslang.dll,-61144] C:\Programmi\Messenger\msmsgs.exe


    **** Hosts File Entries ****



    **** IE Settings ****

    IEBypass: 127.0.0.1
    Default Page: http://www.libero.it
    Default Search: http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    Local Page: C:\WINDOWS\System32\blank.htm
    Search Bar: http://arianna.libero.it
    Search Page: http://www.microsoft.com/isapi/redir...ie&ar=iesearch


    **** IE Context Menu (Right click) ****



    **** Layered Service Providers ****

    LSP: MSAFD Irda [IrDA]
    LSP: MSAFD Tcpip [TCP/IP]
    LSP: MSAFD Tcpip [UDP/IP]
    LSP: RSVP UDP Service Provider
    LSP: RSVP TCP Service Provider
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3963C041-9195-40EE-8A1B-536A4CF0A3D8}] SEQPACKET 8
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3963C041-9195-40EE-8A1B-536A4CF0A3D8}] DATAGRAM 8
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{931DC803-FB5B-4F73-B4F3-2A9CCDCB72E1}] SEQPACKET 7
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{931DC803-FB5B-4F73-B4F3-2A9CCDCB72E1}] DATAGRAM 7
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BA01A99-0B75-4AAC-8805-1ECF1F2EE63C}] SEQPACKET 6
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4BA01A99-0B75-4AAC-8805-1ECF1F2EE63C}] DATAGRAM 6
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0BA15F2A-9ABE-41E0-94F1-0709EC1B015E}] SEQPACKET 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0BA15F2A-9ABE-41E0-94F1-0709EC1B015E}] DATAGRAM 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{42E82DA9-43C2-4B21-8187-5815A54606C2}] SEQPACKET 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{42E82DA9-43C2-4B21-8187-5815A54606C2}] DATAGRAM 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C447AD9-D77A-4C25-8CC1-A3F44B46225D}] SEQPACKET 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C447AD9-D77A-4C25-8CC1-A3F44B46225D}] DATAGRAM 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{315B3172-A8DD-4001-A147-626A7D6F0DE2}] SEQPACKET 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{315B3172-A8DD-4001-A147-626A7D6F0DE2}] DATAGRAM 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71BC9EB9-027C-45B5-98E4-EF035BCA721B}] SEQPACKET 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71BC9EB9-027C-45B5-98E4-EF035BCA721B}] DATAGRAM 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{00758246-AF72-46C5-B5A4-471FD16765F1}] SEQPACKET 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{00758246-AF72-46C5-B5A4-471FD16765F1}] DATAGRAM 5


    **** Blocked Control Panel Items ****

    BLOCKED: [ncpa.cpl] No
    BLOCKED: [odbccp32.cpl] No


    **** Downloaded Program Files ****

    HushEncryptionEngine [https://mailserver5.hushmail.com/sha...tionEngine.cab]
    Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
    {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} [http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe] C:\WINDOWS\Downloaded Program Files\setup.exe
    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab] C:\WINDOWS\System32\mfc42.dll C:\WINDOWS\Tsc.exe C:\WINDOWS\Tsc.ini C:\WINDOWS\TmUpdate.dll C:\WINDOWS\loadhttp.dll C:\WINDOWS\tmupdate.ini C:\WINDOWS\patchw32.dll C:\WINDOWS\Downloaded Program Files\xscan53.ocx
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.co...383.5021412037]
    {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} [http://www.buy@fiat.com/components/o...ratoreauto.cab]
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/ms...downloader.cab]
    {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} [http://c6.community.virgilio.it/down...derActiveX.cab]
    {D27CDB6E-AE6D-11CF-9600-000000000000} [http://download.macromedia.com/pub/s...sh/swflash.cab]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/s...sh/swflash.cab]


    **** Custom IE Search Items ****

    SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

  2. #2
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    Guys, now I'm posting the HijackThis log for you

    Logfile of HijackThis v1.99.1
    Scan saved at 13.12.23, on 03/11/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\F-Secure\Common\FSMA32.EXE
    C:\Programmi\F-Secure\Common\FSMB32.EXE
    C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\F-Secure\Common\FAMEH32.EXE
    C:\Programmi\F-Secure\Common\FSGK32.EXE
    C:\Programmi\F-Secure\Common\FNRB32.EXE
    C:\Programmi\F-Secure\Common\FIH32.EXE
    C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
    C:\Programmi\Acer\Launch Manager\LaunchAp.exe
    C:\Programmi\Acer\Launch Manager\HotkeyApp.exe
    C:\Programmi\Acer\Launch Manager\KeyHook.exe
    C:\Programmi\Acer\Launch Manager\CtrlVol.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\F-Secure\Common\FSM32.EXE
    C:\Programmi\Acer\WButton(Win2K) v1.5\Wbutton.exe
    C:\WINDOWS\System32\PRPCUI.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
    C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
    C:\Programmi\StopDialers\StopDialers.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Andrea Borsari\Desktop\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forum.visivagroup.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forum.visivagroup.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchAp] "C:\Programmi\Acer\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Programmi\Acer\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [KeyHook] "C:\Programmi\Acer\Launch Manager\KeyHook.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Programmi\Acer\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Acer\WButton(Win2K) v1.5\Wbutton.exe"
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
    O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
    O4 - HKLM\..\Run: [avidup] "C:\WINDOWS\avidup.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Startup: Registration-Studio 8.lnk = C:\Programmi\Pinnacle\Studio 8\Register\RegTool.exe
    O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
    O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
    O9 - Extra button: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
    O16 - DPF: HushEncryptionEngine - https://mailserver5.hushmail.com/sha...tionEngine.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.buy@fiat.com/components/o...ratoreauto.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\m4460ehseh460.dll
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programmi\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
    O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    OK, I don't know what else to tell you.. maybe let me know if there is anything to investigate further.. I hope you can help me, because I would really rather not format. As for the CWShredder log, the string "IEBYpass 127.0.0.1" smells a bit fishy to me, hmm, let me know; I'm appealing to your knowledge and your helpfulness..

    Bye, Andrea

  3. #3
    HTML.it user LUCASS's avatar
    Registered since
    May 2005
    Posts
    1,354
    Hi and welcome
    You are infected with a variant of the Look2Me adware, which is quite a problem given that Spy Sweeper should have recognized and removed this variant, but never mind, let's try to solve it another way

    Please have the files I mark in red analyzed on this site
    http://virusscan.jotti.org/
    C:\WINDOWS\avidup.exe
    C:\WINDOWS\wavdriver.exe
    C:\WINDOWS\system32\m4460ehseh460.dll
    The last one should be the adware I mentioned earlier


    Download VX2.L2mfix
    http://www.atribune.org/downloads/l2mfix.exe
    Save it to the desktop, double-click the file l2mfix.exe
    Click Install; once the extraction finishes, a new folder will be created on the desktop
    (While not connected)
    Open the folder and click l2mfix.bat
    A command prompt window will open
    Type 1 where the cursor is blinking and press ENTER
    Wait a little and Notepad will appear; copy and paste its contents here




  4. #4
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    Hi LUCASS, and thanks a lot for your precision and promptness in explaining what to do..

    So Lucass, I searched and searched for the three files in red but did not find them.. I ran a scan with the program you pointed me to and I'm attaching it for you..

    L2MFIX find log 1.04a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\enpql1751.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{232BF4A1-60FE-A299-911C-E5CBB34F056F}"=""



    OK, I hope I have been useful.. I'm splitting the log in two for you, because otherwise it won't fit

    Bye and thanks a lot! Andrea

  5. #5
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Propriet… dei file Multimedia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestore scanner ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Pagina di protezione NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Pagina di propriet… di Docfile OLE"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Estensioni shell per la condivisione"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Estensione scheda video del Pannello di controllo"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Estensione monitor del Pannello di controllo"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Estensione panoramica video del Pannello di controllo"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Pagina di protezione DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Pagina compatibilit…"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestore dati dei ritagli di shell"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Estensione copia dischi"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Estensioni shell per oggetti Rete Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestore monitor ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestore stampante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Estensioni shell per la compressione dei file"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Estensione shell per la stampante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu di scelta rapida di crittografia"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Sincronia file"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Estensione di icona di HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Tipi di carattere"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profilo ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Pagina di protezione della stampante"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Estensioni shell per la condivisione"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Estensione Crypto PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Estensione firma crittografata"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connessioni di rete"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connessioni di rete"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner e fotocamere digitali"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner e fotocamere digitali"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner e fotocamere digitali"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner e fotocamere digitali"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner e fotocamere digitali"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Estensione shell per Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Operazioni pianificate"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra delle applicazioni e menu di avvio"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Cerca"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Esegui..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Posta elettronica"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Tipi di carattere"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Strumenti di amministrazione"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra degli strumenti Microsoft Internet"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stato del download"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Shell Folder accresciuto"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Shell Folder 2 accresciuto"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="SearchBand"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Ricerca all'interno"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Ricerca Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilità opzioni della struttura del Registro di sistema"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Indirizzo"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Completamento automatico Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Elenco di Completamento automatico MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Elenco di Completamento automatico MRU personalizzato"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessibile"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Indicatore di avanzamento popup"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser della barra degli indirizzi"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Elenco di Completamento automatico della Cronologia di Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Elenco di Completamento automatico di Shell Folder di Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenitore dell'elenco di Completamento automatico multiplo Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistenza utente"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Impostazioni cartella globale"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servizio Cronologia Url Microsoft"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Cronologia"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook per la ricerca di URL Microsoft"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Schermata iniziale applicazioni Internet Explorer 4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Cartella cache ActiveX"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Cartella Subscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestione applicazioni shell"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumeratore applicazioni installate"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI + programma di estrazione file in anteprima"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Programma di estrazione pagine HTML in anteprima"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Pubblicazione guidata sul Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Ordinazione di stampe tramite Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Oggetto Pubblicazione guidata sul Web"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Creazione guidata profilo Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Account utente"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="File del canale"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Collegamento al canale"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Cartella file non in linea"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Contatti..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
    "{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}"="Mobile"
    "{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}"="Mobile ContextMenuHandler"
    "{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}"="Mobile

    Continued

  6. #6
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    last part

    PropertySheetHandler"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Cartelle Web"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
    "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
    @=""
    "{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}"="VPCHostCopyHook"
    "{5071CDA5-D3E1-11D5-BFC0-005004A71005}"="Advanced JPEG Compressor Context Menu Shell Extension"
    "{D11DF44E-B780-4BEB-8F4D-01F939D089DC}"=""
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"



    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D11DF44E-B780-4BEB-8F4D-01F939D089DC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D11DF44E-B780-4BEB-8F4D-01F939D089DC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D11DF44E-B780-4BEB-8F4D-01F939D089DC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D11DF44E-B780-4BEB-8F4D-01F939D089DC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mbaatext.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    enpql1~1.dll Thu 3 Nov 2005 8.19.48 ..S.R 235.491 229,97 K
    g4jo0e~1.dll Thu 3 Nov 2005 13.49.48 ..S.R 236.135 230,60 K
    lv2609~1.dll Tue 1 Nov 2005 21.44.10 ..S.R 234.272 228,78 K
    m6julg~1.dll Wed 2 Nov 2005 8.44.20 ..S.R 234.947 229,44 K
    matscax.dll Wed 2 Nov 2005 17.44.22 ..S.R 235.491 229,97 K
    mbaatext.dll Thu 3 Nov 2005 17.25.28 ..S.R 235.491 229,97 K
    mxrddm.dll Wed 2 Nov 2005 23.18.14 ..S.R 234.947 229,44 K
    rxipxmib.dll Wed 2 Nov 2005 12.43.12 ..S.R 234.272 228,78 K

    8 items found: 8 files (8 H/S), 0 directories.
    Total of file sizes: 1.881.046 bytes 1,79 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Il volume nell'unità C è Andrea
    Numero di serie del volume: D0A5-9A58

    Directory di C:\WINDOWS\System32

    03/11/2005 17.25 235.491 mbaatext.dll
    03/11/2005 13.49 236.135 g4jo0e13eh.dll
    03/11/2005 08.19 235.491 enpql1751.dll
    02/11/2005 23.18 234.947 mxrddm.dll
    02/11/2005 17.44 235.491 matscax.dll
    02/11/2005 12.43 234.272 rxipxmib.dll
    02/11/2005 12.42 <DIR> dllcache
    02/11/2005 08.44 234.947 m6julg1916.dll
    01/11/2005 21.44 234.272 lv2609fse.dll
    29/01/2004 17.37 <DIR> Microsoft
    25/01/2004 19.57 2.516 KGyGaAvL.sys
    09/11/2003 19.59 56 156BD00164.sys
    05/01/2002 03.40 487.424 msvcp70.dll
    11 File 2.371.042 byte
    2 Directory 24.770.408.448 byte disponibili

    OK, that's everything

    If it isn't clear split across three posts, I can also send you the whole thing by email.. if that's necessary, just send me your address..

    Bye

  7. #7
    HTML.it user LUCASS
    Registered since
    May 2005
    Posts
    1,354
    Hi, perfect, thanks. Now follow these instructions
    (while disconnected and with all applications closed)

    -Open the l2mfix folder
    -Click on l2mfix.bat
    -The command prompt window opens
    -Type 2 where the cursor is blinking, then ENTER
    -Press a key to restart the PC
    -After the restart the icons and the desktop will disappear; that is normal
    -L2mfix keeps scanning your PC; when it has finished, Notepad will open
    -Copy and paste the contents of Notepad here

    PS: Let me know whether the icons and desktop disappear and whether Notepad opens; if that doesn't happen, it's a real problem

    PPS: For the files to analyze
    Start > Control Panel > Folder Options
    -Click on "View"
    -Tick the "Show hidden files and folders" box
    -Untick the "Hide protected operating system files (Recommended)" box
    -Answer YES to the message
    -Apply > OK

    Now you should find those files; you can skip analyzing the last one I gave you, since its name could change at every restart

  8. #8
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    Here I am, Lucass. So, the files: even after trying to show the hidden ones, I couldn't find them..

    On to the second test.. I launched L2mfix and selected 2; the PC reboots but nothing starts... everything comes back up normally as if nothing had been done.. no idea. So in the program folder I read the readme, which said to launch the SECOND file if the scan didn't start, and indeed when I launch it a scan starts, the icons disappear and Notepad opens with the log.. I'm attaching it, in the hope it may be useful...


    Part one

    L2Mfix 1.04a

    Running From:
    C:\Documents and Settings\Andrea Borsari\Desktop\l2mfix\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- BUILTIN\Administrators
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting up for Reboot


    Starting Reboot!

    Setting Directory
    C:\Documents and Settings\Andrea Borsari\Desktop\l2mfix\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\Andrea Borsari\Desktop\l2mfix\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 428 'explorer.exe'
    Killing PID 428 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1644 'rundll32.exe'
    Killing PID 1328 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\lv2609fse.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\m6julg1916.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\matscax.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\mbaatext.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\mjxml3.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\mxrddm.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\rxipxmib.dll
    1 file copiati.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 file copiati.
    deleting: C:\WINDOWS\system32\lv2609fse.dll
    Successfully Deleted: C:\WINDOWS\system32\lv2609fse.dll
    deleting: C:\WINDOWS\system32\m6julg1916.dll
    Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll
    deleting: C:\WINDOWS\system32\matscax.dll
    Successfully Deleted: C:\WINDOWS\system32\matscax.dll
    deleting: C:\WINDOWS\system32\mbaatext.dll
    Successfully Deleted: C:\WINDOWS\system32\mbaatext.dll
    deleting: C:\WINDOWS\system32\mjxml3.dll
    Successfully Deleted: C:\WINDOWS\system32\mjxml3.dll
    deleting: C:\WINDOWS\system32\mxrddm.dll
    Successfully Deleted: C:\WINDOWS\system32\mxrddm.dll
    deleting: C:\WINDOWS\system32\rxipxmib.dll
    Successfully Deleted: C:\WINDOWS\system32\rxipxmib.dll
    deleting: C:\WINDOWS\system32\guard.tmp


    Zipping up files for submission:
    adding: lv2609fse.dll (164 bytes security) (deflated 4%)
    adding: m6julg1916.dll (164 bytes security) (deflated 5%)
    adding: matscax.dll (164 bytes security) (deflated 5%)
    adding: mbaatext.dll (164 bytes security) (deflated 5%)
    adding: mjxml3.dll (164 bytes security) (deflated 5%)
    adding: mxrddm.dll (164 bytes security) (deflated 5%)
    adding: rxipxmib.dll (164 bytes security) (deflated 4%)
    adding: guard.tmp (164 bytes security) (deflated 5%)
    adding: clear.reg (164 bytes security) (deflated 22%)
    adding: echo.reg (164 bytes security) (deflated 14%)
    adding: direct.txt (164 bytes security) (deflated 6%)
    adding: lo2.txt (164 bytes security) (deflated 79%)
    adding: readme.txt (164 bytes security) (deflated 52%)
    adding: report.txt (164 bytes security) (deflated 64%)
    adding: test.txt (164 bytes security) (deflated 68%)
    adding: test2.txt (164 bytes security) (deflated 2%)
    adding: test3.txt (164 bytes security) (deflated 2%)
    adding: test5.txt (164 bytes security) (deflated 2%)
    adding: xfind.txt (164 bytes security) (deflated 61%)
    adding: backregs/D11DF44E-B780-4BEB-8F4D-01F939D089DC.reg (164 bytes security) (deflated 70%)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 74%)

  9. #9
    HTML.it user
    Registered since
    Nov 2005
    Posts
    11
    Part two:

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!
    Warning (option /rgaci)) - There is no ACE to remove!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    Restoring Windows Update Certificates.:

    deleting local copy: lv2609fse.dll
    deleting local copy: m6julg1916.dll
    deleting local copy: matscax.dll
    deleting local copy: mbaatext.dll
    deleting local copy: mjxml3.dll
    deleting local copy: mxrddm.dll
    deleting local copy: rxipxmib.dll
    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\g4jo0e13eh.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\lv2609fse.dll
    C:\WINDOWS\system32\m6julg1916.dll
    C:\WINDOWS\system32\matscax.dll
    C:\WINDOWS\system32\mbaatext.dll
    C:\WINDOWS\system32\mjxml3.dll
    C:\WINDOWS\system32\mxrddm.dll
    C:\WINDOWS\system32\rxipxmib.dll
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{D11DF44E-B780-4BEB-8F4D-01F939D089DC}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{D11DF44E-B780-4BEB-8F4D-01F939D089DC}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    Bye, and thanks a lot again.. let's hope for the best..

    Andrea!
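
In the Winlogon\Notify export posted above, every subkey names its DLL by bare file name except StillImage, whose DllName is a full path to g4jo0e13eh.dll. The following added example (not part of the thread and not L2mfix code) parses such a .reg export, decodes the hex(2) values and lists the subkeys that deviate; the baseline set and all function names are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: three subkeys abridged from the export in the post above.
# One stray space is left inside the hex data to show that the decoder
# tolerates the damage a forum's line wrapping does to long values.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33, 00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g4jo0e13eh.dll"
"Logon"="WinLogon"
'''

NOTIFY_SUFFIX = r"\winlogon\notify"

# Assumption: the bare DLL names used by the other Notify subkeys in the
# posted export, taken here as the baseline for this machine.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}


def decode_value(raw):
    """Decode the data part of a .reg value line; None if it is not a string."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r"hex\((?:1|2)\):(.*)$", raw, re.I)
    if m:
        # "Version 5.00" exports store REG_SZ / REG_EXPAND_SZ as UTF-16LE bytes.
        tokens = [t.strip() for t in m.group(1).split(",") if t.strip()]
        data = bytes(int(t, 16) for t in tokens)
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None  # dword, binary, ...


def parse_reg(text):
    """Return {key_path: {lowercased_value_name: string}} for a .reg export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                value = decode_value(m.group(2))
                if value is not None:
                    current[m.group(1).lower()] = value
    return keys


def audit_notify(text, baseline=BASELINE_DLLS):
    """Return [(subkey, dll, reason)] for Notify packages worth a closer look."""
    findings = []
    for key, values in parse_reg(text).items():
        parent, _, subkey = key.rpartition("\\")
        if not parent.lower().endswith(NOTIFY_SUFFIX):
            continue  # only direct children of ...\Winlogon\Notify
        dll = values.get("dllname")  # the export mixes "DllName" and "DLLName"
        if dll is None:
            findings.append((subkey, None, "no DllName value"))
            continue
        reasons = []
        if ntpath.basename(dll).lower() not in baseline:
            reasons.append("not in baseline")
        if ntpath.dirname(dll):
            # A review cue, not a verdict: the other entries use bare names.
            reasons.append("explicit path")
        if reasons:
            findings.append((subkey, dll, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for subkey, dll, reason in audit_notify(SAMPLE_EXPORT):
        print(f"{subkey}: {dll} ({reason})")
```
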

  10. #10
    HTML.it user LUCASS
    Registered since
    May 2005
    Posts
    1,354
    OK, let's see whether everything is fixed; post an updated HijackThis log again. As for the files, that seems strange to me,
    download this program (it's free)
    http://www.safer-networking.org/files/sfp.zip
    Unzip it into a folder, click on SFP.exe
    The program opens; copy and paste the blue line I've put below into the step 1 box
    C:\WINDOWS\avidup.exe
    Click on Continue

    Reopen the program, copy and paste the blue line I've put below into the step 1 box
    C:\WINDOWS\wavdriver.exe
    Click on Continue

    Now on the desktop you have two files with this name: requested-files[2005-11-03_21_32].cab
    have the files analyzed one at a time on this site
    http://virusscan.jotti.org/



    PS: second.bat was there precisely for the case where the icons didn't disappear; that's why I asked you to report whether the icons disappeared. Well done
