Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 2 1 2 ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 17
  1. 10-09-2006, 12:33 #1
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9

    AIUTO!!!! Trojan ineliminabile!!

    Ciao a tutti,
    all'avvio di Windows, Avg mi trova sempre un trojan nella cartella
    C:/programmi/file comuni/services

    con il nome di VAIW.exe . Il problema è che non riesce ad eliminarlo, perchè dice che il file è protetto. Il bello è che se poi faccio fare la scansione sempre di quella cartella all'Avg, lui non trova nessun Virus o trojan!! Ho provato anche con Spyboot e ADaware ma non trovano niente. Ho provato ad eliminarlo manualmente, ma quando apro quella cartella e clicco su quel file, l'explorer crasha e si chiude tutto. Ho provato anche ad eliminarlo dal DOS o avviando win in modalità provvisoria ma niente, mi dice che il file è protetto e non lo elimina.

    Cos'altro posso fare prima di formattare il pc???

    Grazie anticipatamente.
    Rispondi quotando Rispondi quotando
  2. 10-09-2006, 12:57 #2
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9

    Log di Hijack

    Posto il log di hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 12.39.36, on 10/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Francesco\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {35E4E70D-02E8-5BB0-F4D6-48C0DBBA939F} - C:\WINDOWS\kfwki1.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [cjqa1.exe] C:\WINDOWS\Temp\cjqa1.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Rispondi quotando Rispondi quotando
  3. 10-09-2006, 16:40 #3
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    scarica sul desktop GMER
    scopatta, sempre sul desktop il file gmer.zip.
    Esegui gmer.exe
    Clicca sul Tab "Rootkit"
    Clicca su "Scan"
    finita la scansione clicca su "Copy"
    Apri il Blocco Note incolla il risultato (CTRL+V)

    Esegui gmer.exe
    Clicca sul Tab "Autostart"
    Clicca su "Scan"
    finita la scansione clicca su "Copy"
    Apri il Blocco Note incolla il risultato (CTRL+V)

    Copia in questa discussione entrambi i log
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  4. 10-09-2006, 19:57 #4
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9
    Non mi installa questo Gmer!!! xchè?
    Rispondi quotando Rispondi quotando
  5. 10-09-2006, 20:11 #5
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    scarica
    http://www.prevx.com/gromozon.asp

    disabilita momentaneamente il tuo antivirus
    esegui il tool, il pc si riavvierà.

    Al riavvio partirà la scansione in automatico del tool, portati ora in C:\ e posta il risultato del log gromozon_removal.log

    Riavvia ed esegui GMER, posta i due log

    scarica The Avenger

    Start>Esegui scrivi cmd dai l'OK
    All'apertura del prompt, rispettando gli spazi digiti:
    cd C:\programmi\file comuni\system ==>dai l'invio
    dir > c:\files.txt ==> dai l'invio

    Apri C:\ posta il contenuto del file files.txt.




    Start>Esegui scrivi
    control userpasswords2
    dai l'OK
    riportami nella tua prossima risposta i nomi account
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  6. 10-09-2006, 20:31 #6
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9
    Ho risolto tutto! avevo postato la questione in un altro forum e mi hanno detto anche lì di usare prevxremovaltool (che lo ha finalmente cancellato). mi hanno detto che era una variante di linkoptimmizer.
    cmq ti ringrazio lo stesso.
    Ciao!
    Rispondi quotando Rispondi quotando
  7. 10-09-2006, 21:15 #7
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    se sei sicuro d'aver rimosso tutto ok, io comunque un controllo con GMER lo farei
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  8. 11-09-2006, 13:28 #8
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9
    finalmente sono riuscito a far funzionare Gmer (ieri non partiva)... ecco i log che mi avevi chiesto... c'è niente di strano??


    GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-09-11 13:26:56
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.10 ----

    SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
    SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
    SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

    ---- Devices - GMER 1.0.10 ----

    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8A9985A] avgtdi.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8A9985A] avgtdi.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8A9985A] avgtdi.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8A9985A] avgtdi.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [BA47C230] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F8A9985A] avgtdi.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [BA47C230] vsdatant.sys

    ---- Files - GMER 1.0.10 ----

    File C:\System Volume Information\MountPointManagerRemoteDatabase
    File C:\System Volume Information\tracking.log

    ---- EOF - GMER 1.0.10 ----
    Rispondi quotando Rispondi quotando
  9. 11-09-2006, 13:29 #9
    theonlyshark
    theonlyshark non è in linea
    Utente di HTML.it
    Registrato dal
    Sep 2006
    Messaggi
    9
    ecco quello dell'autostart

    GMER 1.0.10.10122 - http://www.gmer.net
    Autostart 2006-09-11 13:27:34
    Windows 5.1.2600 Service Pack 2


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
    NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
    SecDyu /*SecDyu*/@ = "C:\Programmi\File comuni\Services\VAIW.exe" /*file not found*/
    Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
    vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
    @D066UUtilityC:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE = C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    @HP Software Update"C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" = "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    @HP Component Manager"C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
    @HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\ hpztsb09.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    @DeviceDiscoveryC:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    @AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    @AVG7_EMCC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
    @Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    @ /*file not found*/ = /*file not found*/
    @RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVD Serv.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    @SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_04\b in\jusched.exe = C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
    @CloneCDTray"C:\Programmi\SlySoft\CloneCD\CloneCDT ray.exe" /s = "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
    @Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    @QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
    @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    @nwiznwiz.exe /install = nwiz.exe /install
    @NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    @updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1 = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

    HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
    @{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Zip Drop handler*/C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL = C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
    @{3E307794-57B9-473A-98CC-4A039255063F} /*OpenOffice.org/ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\oodll.dll = C:\PROGRA~1\ZIPGEN~1\oodll.dll
    @{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius 5.5 DnD Extract handler*/C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL = C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
    @{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\PROGRA~1\ZIPGEN~1\zgtips.dll = C:\PROGRA~1\ZIPGEN~1\zgtips.dll
    @{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
    @{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
    @{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L
    @{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
    @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
    @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
    @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
    @{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Programmi\PowerISO\PWRISOSH.DLL = C:\Programmi\PowerISO\PWRISOSH.DLL
    @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ >>>
    Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
    AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
    PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL
    ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

    HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ >>>
    PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL
    ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ >>>
    AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
    PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Programmi\PowerISO\PWRISOSH.DLL

    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects >>>
    @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    @{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
    cetihpz@CLSID = C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
    dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
    its@CLSID = C:\WINDOWS\system32\itss.dll
    mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
    ms-its@CLSID = C:\WINDOWS\system32\itss.dll
    ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
    msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
    mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DL L
    mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DL L
    tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

    HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Microsoft Office.lnk

    ---- EOF - GMER 1.0.10 ----
    Rispondi quotando Rispondi quotando
  10. 11-09-2006, 13:39 #10
    holifay
    holifay non è in linea
    Utente di HTML.it L'avatar di holifay
    Registrato dal
    May 2005
    Messaggi
    1,330
    Devi ancora eliminare la chiave HKLM/SYSTEM/CurrentControlSet/Services/SecDyu
    Pensi di avere un file infetto? Invialo a SuspectFile
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.