  1. #1

    Big problem!

    Hi everyone, and thanks for any help you may be willing to give me.
    I have a problem on the office PC (my boss has to stop "messing around" on porn sites). I should say up front that I'm not very experienced, anyway...
    For some time now I have no longer been able to change the Explorer home page, because when I go to
    Tools --> Internet Options the buttons that used to be clickable are now disabled.
    I tried to open regedit, but when I do Run --> regedit it tells me "registry disabled by the administrator" (until a while ago it opened).
    I downloaded "Registry Commander" and managed to restore the buttons but... (there's always a but...) when I reboot, everything goes back to how it was.
    I used Norton, AVG, Spybot, Ad-Aware etc., all fully up to date, but they find nothing... (or rather they find things and delete them, but after a reboot everything is as before). Heeeelp me, please!

    Um... needless to say... I'd like to avoid a format, otherwise I'm in for hours of (unpaid) overtime spent on the PC.

    I think this should be useful:
    Logfile of HijackThis v1.99.1
    Scan saved at 14.35.30, on 20/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\Programmi\Spyware Doctor\sdhelp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\internat.exe
    C:\Programmi\Spyware Doctor\swdoctor.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Aezay Productions\Registry Commander\RegCmd.exe
    C:\WINNT\system32\cidaemon.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\lauri\Impostazioni locali\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns
    O4 - HKLM\..\Run: [MailCleanerPre] C:\PROGRA~1\COMMON~1\MAILCL~1.EXE
    O4 - HKLM\..\Run: [!!!!01234-lux-video-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-VI~1.EXE /ns
    O4 - HKLM\..\Run: [SyncUpd] regedit.exe -s C:\WINNT\sysreg.reg
    O4 - HKLM\..\Run: [Zone system] C:\WINNT\szchost.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
    O4 - HKLM\..\Run: [Olympic] c:\programmi\sgrunt\IE4321.exe
    O4 - HKLM\..\Run: [vlvmpqkqrajhf] C:\WINNT\system32\hequca.exe
    O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
    O4 - HKLM\..\Run: [Connector] C:\WINNT\system32\ShellExt\sys.EXE -n
    O4 - HKLM\..\Run: [UltimateCleanerMonitor] "C:\Programmi\Ultimate Cleaner\UltimateCleaner.exe" monitor
    O4 - HKLM\..\Run: [UltimateCleanerUpdate] "C:\Programmi\Ultimate Cleaner\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O13 - DefaultPrefix: http://www.searchmeup.com/search.php?aid=31252&q=
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/Pes...r/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {AF4876C8-065A-5749-9018-ADDA9703A00F} - http://download.capitan-trash.com/xxx/sessoit.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa1793.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dia...vex_451_it.exe
    O20 - AppInit_DLLs: c:\winnt\system32\ctlo.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programmi\Spyware Doctor\sdhelp.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    LUCASS (HTML.it user, registered May 2005, 1,354 posts)
    It's a real mess.
    Move the HijackThis folder to a permanent one.
    1 - Boot into safe mode
    2 - Open HijackThis, click the second button, tick the boxes matching the entries I list below and click FIX CHECKED to remove them

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [SyncUpd] regedit.exe -s C:\WINNT\sysreg.reg
    O4 - HKLM\..\Run: [Zone system] C:\WINNT\szchost.exe
    O4 - HKLM\..\Run: [Olympic] c:\programmi\sgrunt\IE4321.exe
    O4 - HKLM\..\Run: [vlvmpqkqrajhf] C:\WINNT\system32\hequca.exe
    O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
    O4 - HKLM\..\Run: [Connector] C:\WINNT\system32\ShellExt\sys.EXE -n
    O6 - HKCU\Software\Policies\Microsoft\Interne
    O6 - HKCU\Software\Policies\Microsoft\Interne
    O7 - HKCU\Software\Microsoft\Windows\CurrentV
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O13 - DefaultPrefix: http://www.searchmeup.com/search.php?aid=31252&q=
    O16 - DPF: {AF4876C8-065A-5749-9018-ADDA9703A00F} - http://download.capitan-trash.com/xxx/sessoit.exe
    O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa1793.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/di...ivex_451_it.exe
    O20 - AppInit_DLLs: c:\winnt\system32\ctlo.dll

    3 - Start > Control Panel > Folder Options
    - Go to the "View" tab
    - Tick the "Show hidden files and folders" box
    - UNTICK the "Hide protected operating system files (Recommended)" box
    - Answer YES to the message
    - Apply > OK

    4 - Start > Accessories > Windows Explorer
    Delete the folder in red
    c:\programmi\sgrunt
    Delete the files in red
    C:\WINNT\sysreg.reg
    C:\WINNT\szchost.exe
    C:\WINNT\system32\hequca.exe
    C:\WINNT\system32\ShellExt\sys.EXE
    c:\winnt\system32\ctlo.dll

    Using the Search function, making sure you search in all folders, find these files and delete them if they are there
    taskopen.exe
    gsa1793.exe
    di...ivex_451_it.exe
    sessoit.exe
    EMPTY THE RECYCLE BIN
    Reboot into normal mode and repost the updated log; there are several things to look into

  3. #3
    holifay (HTML.it user, registered May 2005, 1,330 posts)
    In addition to the above, these also look suspicious to me:
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns
    I think they should be fixed too and the executable deleted.

    You should also delete the files from the Internet Explorer cache.
    Think you have an infected file? Send it to SuspectFile

  4. #4
    Ooookay, I did everything but:
    06 - HKCU\Software\Policies\Microsoft\Interne
    wasn't there in safe mode (huh)
    I deleted everything else

    As soon as I rebooted it gave me a system registry error
    it said it couldn't find sysreg.reg

    Then an "invisible" shortcut appeared on the desktop that I can't delete, named "exsplorer" with no extension

    I still can't change the home page or access the system registry

    And this is the current log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15.44.39, on 20/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\lauri\Impostazioni locali\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns
    O4 - HKLM\..\Run: [MailCleanerPre] C:\PROGRA~1\COMMON~1\MAILCL~1.EXE
    O4 - HKLM\..\Run: [!!!!01234-lux-video-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-VI~1.EXE /ns
    O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
    O4 - HKLM\..\Run: [UltimateCleanerMonitor] "C:\Programmi\Ultimate Cleaner\UltimateCleaner.exe" monitor
    O4 - HKLM\..\Run: [UltimateCleanerUpdate] "C:\Programmi\Ultimate Cleaner\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/Pes...r/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programmi\Spyware Doctor\sdhelp.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

  5. #5
    Ooookay, I did everything but:
    06 - HKCU\Software\Policies\Microsoft\Interne

    wasn't there in safe mode (huh)
    Ooooops, I had skipped the line below... sorry

  6. #6
    LUCASS (HTML.it user, registered May 2005, 1,354 posts)
    Oh well, I think things are getting complicated here.
    When you post the log in the forum you have to make it from normal mode, then do the procedures from safe mode; so repost the log made in normal mode, but first move HijackThis to
    C:\HijackThis\HijackThis.exe
    or
    C:\Programmi\HijackThis\HijackThis.exe



    PS: As holifay says, there are those files to check, but HijackThis truncates them and they can't be looked up on Google

    PPS: Let the registry say whatever it likes; the changes you had were made by malware
    http://www.sophos.com/virusinfo/anal...startpame.html

  7. #7
    holifay (HTML.it user, registered May 2005, 1,330 posts)
    Apart from the lux-chat entries I mentioned earlier, these still need to be fixed:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    Think you have an infected file? Send it to SuspectFile

  8. #8
    How can I give you more information about
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns

    O4 - HKLM\..\Run: [!!!!01234-lux-video-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-VI~1.EXE /ns

    ---------------------------------------
    Here is the log made in normal mode

    Logfile of HijackThis v1.99.1
    Scan saved at 16.38.07, on 20/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\Programmi\Spyware Doctor\sdhelp.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\internat.exe
    C:\Programmi\Spyware Doctor\swdoctor.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!!!!01234-lux-chat-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-CH~1.EXE /ns
    O4 - HKLM\..\Run: [MailCleanerPre] C:\PROGRA~1\COMMON~1\MAILCL~1.EXE
    O4 - HKLM\..\Run: [!!!!01234-lux-video-fl] C:\DOCUME~1\lauri\DATIAP~1\LUX-VI~1.EXE /ns
    O4 - HKLM\..\Run: [SyncUpd] regedit.exe -s C:\WINNT\sysreg.reg
    O4 - HKLM\..\Run: [Zone system] C:\WINNT\szchost.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
    O4 - HKLM\..\Run: [Olympic] c:\programmi\sgrunt\IE4321.exe
    O4 - HKLM\..\Run: [vlvmpqkqrajhf] C:\WINNT\system32\hequca.exe
    O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
    O4 - HKLM\..\Run: [Connector] C:\WINNT\system32\ShellExt\sys.EXE -n
    O4 - HKLM\..\Run: [UltimateCleanerMonitor] "C:\Programmi\Ultimate Cleaner\UltimateCleaner.exe" monitor
    O4 - HKLM\..\Run: [UltimateCleanerUpdate] "C:\Programmi\Ultimate Cleaner\AutoUpdate.exe" silent
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx
    O9 - Extra button: Microsoft® JavaScript® Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {DB120942-735B-4D3B-B755-EC39E4236E91} - C:\WINNT\system32\Comdlg32.ocx (HKCU)
    O13 - DefaultPrefix: http://www.searchmeup.com/search.php?aid=31252&q=
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/Pes...r/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {AF4876C8-065A-5749-9018-ADDA9703A00F} - http://download.capitan-trash.com/xxx/sessoit.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa1793.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dia...vex_451_it.exe
    O20 - AppInit_DLLs: c:\winnt\system32\ctlo.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Programmi\Spyware Doctor\sdhelp.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

  9. #9
    Now I can finally change the home page and access the registry!!!! Thaaaaaaank you!!!!

    P.S. Can that annoying shortcut on the desktop be deleted? Or am I asking too much?

    P.S. 2: Is there software that blocks visits to certain sites? Like Net Nanny... but one that does it "silently", so my boss stops causing trouble and spends the rest of his life wondering why he can't see naked ladies on the PC any more??

  10. #10
    holifay (HTML.it user, registered May 2005, 1,330 posts)
    Um... did you repost the initial one?

    Apart from being able to access the desktop and IE settings, if that log is the new one we're still not there. Start again more calmly, fixing the 2 entries I mentioned as well as Lucass's, and following the various instructions carefully.

    Don't be afraid to fix the "1234-lux-chat-fl" entries; they can always be restored from the backup.
    Think you have an infected file? Send it to SuspectFile
