Olimpo Informatico

[Paolo333]

Ho seguito le tue indicazioni, ma anche in modalità provvisoria non riesco a zippare delldsk.exe per gli stessi motivi sopraelencati e non trovo msl.exe

Inoltre ho provato ad eseguire il comando in DOS ma non lo riconosce




[/img]

[holifay]

ah, giusto... hai W2k. Non sto a farti scaricare sc.exe, vai avanti con la procedura, non è essenziale.

Il file delldsk.exe prova a zipparlo dopo aver terminato il processo dal task manager.

[Paolo333]

Sì, chiudendo il processo sul Task Manager sono riuscito a zippare il file
Non riesco a trovare msl.exe

In modalita provvisoria sono riuscito ad eliminare dell.dsk, che nel frattempo aveva cambiato icona (con una "e" di explorer)

ecco i log che mi hai richiesto:

mi sembra che O4 - HKLM\..\Run: [Microsoft Explorer] msl.exe ci sia ancora

Comunque prvx/gromozon, mi ha eliminato i fastidiosi pop up di Google, inoltre le finestre di explorer ora si aprono più velocemente

Siete veramente bravi

Citazione:

Logfile of HijackThis v1.99.1 Scan saved at 2:53:04 PM, on 9/18/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\Norton Internet Security\NISUM.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Norton Internet Security\ccPxySvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\soundman.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINNT\system32\Linksts.exe C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\D4\D4.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Documents and Settings\Max1\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024 O4 - HKLM\..\Run: [Microsoft Explorer] msl.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122736782765 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Citazione:

Removal tool loaded into memory ------------------------------------ Executing rootkit removal engine.... ------------------------------------ Disabling rootkit file: \\?\C:\WINNT\system32\lpt3.ksa Resetting file permissions... Clearing attributes... Impossibile trovare il file - C:\_cleaned.tmp Removing file... Rootkit removed! Cleaning up... Removing temp files... Scanning: C:\WINNT Gromozon-Related Malicious Code Detected! FileName: C:\WINNT\12.tmp Removed! Gromozon-Related Malicious Code Detected! FileName: C:\WINNT\cscil1.dll Removed! Trojan.Gromozon Removed!

[holifay]

Bene, ma non abbiamo ancora finito

Grazie per aver inviato il file. Trovi le analisi qui:
http://www.suspectfile.com/forum/viewtopic.php?t=347

Al momento è riconosciuto da ben pochi, tra cui Panda per cui conviene fare una scansione online.

Scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe
Seleziona l'opzione Input Script Manually
Clicca sulla lente di ingrandimento

Ti si apre una finestra View/edit script
All'interno del box bianco,copia e incolla le scritte in rosso:

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Adesso scarica sul desktop GMER http://www.gmer.net/gmer.zip
decomprimi sul desktop il file gmer.zip.
Esegui gmer.exe
Clicca sul Tab Rootkit
Clicca su Scan
finita la scansione clicca su Copy
Apri il Blocco Note incolla il risultato (CTRL+V)
Salva il file(rootkit.txt)

Esegui gmer.exe
Clicca sul Tab Autostart
Spunta la casella Show All
Clicca su Scan
finita la scansione clicca su Copy
Apri il Blocco Note incolla il risultato (CTRL+V)
Salva il file(autostart.txt)

Collegati al sito di panda e fai una scansione online (disattiva temporaneament il tuo AV). Al termine clicca su see report e salva il log.

posta i seguenti logs:

avenger.txt (salvato da avenger)
rootkit.txt (da GMER)
autostart.txt (da GMER)
log di Panda
nuovo log di hijackthis

[Paolo333]

AIUTO!!

Sono statto attaccato da tre Trojan mentre stavo facendo lo scanner con Panda

Due sono Trojan Horse Download Generic2.NUA
- aws32.exe
- aw1.exe

rilevati da AVG e poi:

Trojan Horse Lpt3.ksa rilevato da Norton

l'attacco proveniva da MSRC SrvSvc Net Api Buffer Overflow (2)

sono andato in modalità provvisoria ma non sono riuscito a rimuoverli

Ora il mio PC funziona male e al riavvio mi appare un messaggio di windows che mi avvisa che il mio PC è infetto e mi consiglia di effettuare una scansione online presso un sito che in questo momento non ricordo...

Allego anche i log richiesti e attendo un aiuto, grazie

Citazione:

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\nhwcpgsw ******************* Script file located at: \??\C:\iljdoblg.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

Citazione:

GMER 1.0.11.11349 - http://www.gmer.net Rootkit 2006-09-18 19:24:06 Windows 5.0.2195 Service Pack 4 ---- System - GMER 1.0.11 ---- SSDT 81C84BA8 ZwConnectPort ---- Devices - GMER 1.0.11 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97A85A] avgtdi.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97A85A] avgtdi.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97A85A] avgtdi.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97A85A] avgtdi.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EB97A85A] avgtdi.sys ---- Processes - GMER 1.0.11 ---- Process svchost.exe (*** hidden *** ) [1140] 816B8020 Process services.exe (*** hidden *** ) [288] 817D2B00 Process svchost.exe (*** hidden *** ) [776] 81730580 Process avgamsvr.exe (*** hidden *** ) [696] 81748D60 Process lsass.exe (*** hidden *** ) [300] 817CF200 Process pppoeservice.ex (*** hidden *** ) [972] 816EB580 Process WinMgmt.exe (*** hidden *** ) [1832] 814D1020 Process System (*** hidden *** ) [8] 8203F8E0 Process csrss.exe (*** hidden *** ) [240] 819EBAE0 Process winlogon.exe (*** hidden *** ) [232] 817E2020 Process navapsvc.exe (*** hidden *** ) [852] 8170F620 Process avgemc.exe (*** hidden *** ) [748] 8173AD60 Process ccPxySvc.exe (*** hidden *** ) [760] 817349A0 Process EnterNet.exe (*** hidden *** ) [1980] 81455D60 Process smss.exe (*** hidden *** ) [220] 81A0D2C0 Process Ati2evxx.exe (*** hidden *** ) [412] 817AF8E0 Process svchost.exe (*** hidden *** ) [496] 8179A800 Process spoolsv.exe (*** hidden *** ) [524] 8178BD60 Process NISUM.EXE (*** hidden *** ) [568] 8177F020 Process ccEvtMgr.exe (*** hidden *** ) [552] 81788160 Process avgupsvc.exe (*** hidden *** ) [728] 8174B020 Process MSTask.exe (*** hidden *** ) [1008] 816DA020 Process svchost.exe (*** hidden *** ) [1152] 816B3D60 Process regsvc.exe (*** hidden *** ) [988] 816E5D20 Process Ati2evxx.exe (*** hidden *** ) [512] 815DCD60 Process mgabg.exe (*** hidden *** ) [828] 8171D7A0 ---- EOF - GMER 1.0.11 ----

Citazione:

GMER 1.0.11.11349 - http://www.gmer.net Autostart 2006-09-18 19:26:42 Windows 5.0.2195 Service Pack 4 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitC:\WINNT\SYSTEM32\Userinit.exe, = C:\WINNT\SYSTEM32\Userinit.exe, @ShellExplorer.exe = Explorer.exe @System = HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> AtiExtEvent@DLLName = Ati2evxx.dll crypt32chain@DLLName = crypt32.dll cryptnet@DLLName = cryptnet.dll cscdll@DLLName = cscdll.dll sclgntfy@DLLName = sclgntfy.dll SensLogn@DLLName = WlNotify.dll wzcnotif@DLLName = wzcdlg.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> Alerter /*Avvisi*/@ = %SystemRoot%\System32\services.exe Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe ATI Smart /*ATI Smart*/@ = C:\WINNT\system32\ati2sgag.exe Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\System32\svchost.exe -k BITSgroup Browser /*Browser di computer*/@ = %SystemRoot%\System32\services.exe ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe" ccPxySvc /*Symantec Proxy Service*/@ = C:\Programmi\Norton Internet Security\ccPxySvc.exe Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\services.exe dmserver /*Gestione disco logico*/@ = %SystemRoot%\System32\services.exe Dnscache /*Client DNS*/@ = %SystemRoot%\System32\services.exe Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe lanmanserver /*Server*/@ = %SystemRoot%\System32\services.exe lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\services.exe LmHosts /*Servizio guida TCP/IP NetBIOS*/@ = %SystemRoot%\System32\services.exe MGABGEXE /*MGABGEXE*/@ = %SystemRoot%\system32\mgabg.exe navapsvc /*Servizio Norton AntiVirus Auto-Protect*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe" NISUM /*Norton Internet Security Accounts Manager*/@ = C:\Programmi\Norton Internet Security\NISUM.EXE NtmsSvc /*Gestione archivi rimovibili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe PolicyAgent /*Agente criteri IPSEC*/@ = %SystemRoot%\System32\lsass.exe PPPoEService /*PPPoE Service*/@ = C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\services.exe RemoteRegistry /*Servizio Registro di sistema remoto*/@ = %SystemRoot%\system32\regsvc.exe RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss SamSs /*Gestione protezione account*/@ = %SystemRoot%\system32\lsass.exe SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\system32\MSTask.exe seclogon /*Servizio RunAs*/@ = %SystemRoot%\system32\services.exe SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe SymWSC /*SymWMI Service*/@ = C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\services.exe wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k wugroup HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @SoundMansoundman.exe = soundman.exe @ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" @ccRegVfy"C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" = "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" @ISDN MonitorLinksts.exe W 1024 = Linksts.exe W 1024 @Microsoft Explorermsl.exe /*file not found*/ = msl.exe /*file not found*/ @Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer @SSC_UserPromptC:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe = C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe @ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe @ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime @UpdateC:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER /*file not found*/ = C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER /*file not found*/ @Dimension4C:\Programmi\D4\D4.exe = C:\Programmi\D4\D4.exe @AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run >>> @delldsk"c:\winnt\delldsk.exe" /*file not found*/ = "c:\winnt\delldsk.exe" /*file not found*/ @1C:\WINNT\service32.exe /*file not found*/ = C:\WINNT\service32.exe /*file not found*/ HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>> @Network.ConnectionTrayC:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll @WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @SysTraystobject.dll = stobject.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>> @{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L HKLM\Software\Classes\ >>> .exe@ = "%1" %* .com@ = "%1" %* .cmd@ = "%1" %* .bat@ = "%1" %* .pif@ = "%1" %* .scr@ = "%1" /s .hta@ = C:\WINNT\System32\mshta.exe "%1" %* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl @{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll @{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll @{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll @{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll @{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll @{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll @{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll @{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll @{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll @{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll @{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) = @{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll @{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll @{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) = @{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll @{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINNT\System32\hticons.dll = C:\WINNT\System32\hticons.dll @{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll @{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll @{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll @{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINNT\system32\wshext.dll = C:\WINNT\system32\wshext.dll @{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll @{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll @{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Rete e connessioni remote*/C:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll @{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll @{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll @{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll @{1A9BA3A0-143A-11CF-8350-444553540000} /*Cartella Preferiti*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{20D04FE0-3AEA-1069-A2D8-08002B30309D} /*Risorse del computer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{86747AC0-42A0-1069-A2E6-08002B30309D} /*Cartella Sincronia file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{0AFACED1-E828-11D1-9187-B532F1E9575D} /*Collegamento alla cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{12518493-00B2-11d2-9FA5-9E3420524153} /*Volume installato*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{21B22460-3AEA-1069-A2DC-08002B30309D} /*Estensione pagina proprietà file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{B091E540-83E3-11CF-A713-0020AFD79762} /*Pagina tipi di file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{FBF23B41-E3F0-101B-8488-00AA003E56F8} /*Hook di tipi di file MIME*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{C2FBB630-2971-11d1-A18C-00C04FD75D13} /*Servizio CopyTo Microsoft*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{C2FBB631-2971-11d1-A18C-00C04FD75D13} /*Microsoft MoveTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{13709620-C279-11CE-A49E-444553540000} /*Servizio automazione della shell*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll @{62112AA1-EBE4-11cf-A5FB-0020AFE7292D} /*Shell Automation Folder View*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{4622AD11-FF23-11d0-8D34-00A0C90F2719} /*Menu Avvio*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{7BA4C740-9E81-11CF-99D3-00AA004AE837} /*Microsoft SendTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{D969A300-E7FF-11d0-A93B-00A0C90F2719} /*Microsoft New Object Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{09799AFB-AD67-11d1-ABCD-00C04FC30936} /*Apri con gestore menu di scelta rapida*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{3FC0B520-68A9-11D0-8D77-00C04FD70822} /*Mostra estensioni HTML del Pannello di controllo*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{75048700-EF1F-11D0-9888-006097DEACF9} /*ActiveDesktop*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll @{6D5313C0-8C62-11D1-B2CD-006097DF8C11} /*Estensione pagina proprietà Opzioni cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{57651662-CE3E-11D0-8D77-00C04FC99D61} /*CmdFileIcon*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{4657278A-411B-11d2-839A-00C04FD918D0} /*Helper trascinamento selezione Shell*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{A470F8CF-A1E8-4f65-8335-227475AA5C46} /*Aggiungere l'elemento di crittografia al menu di scelta rapida in Esplora risorse*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll @{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{568804CA-CBD7-11d0-9816-00C04FD91972} /*Menu Shell Folder*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{5b4dae26-b807-11d0-9815-00c04fd91972} /*Menu Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{8278F931-2A3E-11d2-838F-00C04FD918D0} /*Tracking Shell Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{E13EF4E4-D2F2-11d0-9816-00C04FD91972} /*Menu Site*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4F-521C-11D0-B792-00A0C90312E1} /*Menu Desk Bar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{D82BE2B0-5764-11D0-A96E-00C04FD705A2} /*IShellFolderBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{0E5CBF21-D15F-11d0-8301-00AA005B4383} /*Co&llegamenti*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7487cd30-f71a-11d0-9ea7-00805f714772} /*Immagine di anteprima*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\System32\sendmail.dll = C:\WINNT\System32\sendmail.dll @{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\System32\sendmail.dll = C:\WINNT\System32\sendmail.dll @{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{0B124F8C-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll @{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll @{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/dsquery.dll = dsquery.dll @{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/dsquery.dll = dsquery.dll @{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/dsquery.dll = dsquery.dll @{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/dsuiext.dll = dsuiext.dll @{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/dsuiext.dll = dsuiext.dll @{450D8FBA-AD25-11D0-98A8-0800361B1103} /*MyDocs Folder*/mydocs.dll = mydocs.dll @{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/mydocs.dll = mydocs.dll @{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/mydocs.dll = mydocs.dll @{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/mydocs.dll = mydocs.dll @{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Menu file non in linea*/cscui.dll = cscui.dll @{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Opzioni cartella File non in linea*/cscui.dll = cscui.dll @{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/cscui.dll = cscui.dll @{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/mmcshext.dll = mmcshext.dll @{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll @{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Unbind*/C:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL = C:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll @{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINNT\system32\mscoree.dll = C:\WINNT\system32\mscoree.dll @{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\OLE DB\OLEDB32.DLL = C:\Programmi\File comuni\System\OLE DB\OLEDB32.DLL @{4A741382-48B4-11d2-AD84-00A024D24BF3} /*Matrox PowerDesk Properties*/C:\WINNT\system32\PDesk\PDPAGES.DLL = C:\WINNT\system32\PDesk\PDPAGES.DLL @{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a² Context Menu Shell Extension*/(null) = @{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) = @{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) = @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll @{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll @{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Programmi\Norton AntiVirus\NavShExt.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\system32\sstext3d.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pageabout:blank = about:blank @Local PageC:\WINNT\SYSTEM32\blank.htm = C:\WINNT\SYSTEM32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\ >>> application/octet-stream@CLSID = mscoree.dll application/x-complus@CLSID = mscoree.dll application/x-msdownload@CLSID = mscoree.dll Class Install Handler@CLSID = C:\WINNT\system32\urlmon.dll deflate@CLSID = C:\WINNT\system32\urlmon.dll gzip@CLSID = C:\WINNT\system32\urlmon.dll lzdhtml@CLSID = C:\WINNT\system32\urlmon.dll text/webviewhtml@CLSID = %SystemRoot%\system32\shell32.dll HKLM\Software\Classes\PROTOCOLS\Handler\ >>> about@CLSID = %SystemRoot%\System32\mshtml.dll cdl@CLSID = C:\WINNT\system32\urlmon.dll file@CLSID = C:\WINNT\system32\urlmon.dll ftp@CLSID = C:\WINNT\system32\urlmon.dll gopher@CLSID = C:\WINNT\system32\urlmon.dll http@CLSID = C:\WINNT\system32\urlmon.dll https@CLSID = C:\WINNT\system32\urlmon.dll its@CLSID = C:\WINNT\system32\ITSS.DLL javascript@CLSID = %SystemRoot%\System32\mshtml.dll local@CLSID = C:\WINNT\system32\urlmon.dll mailto@CLSID = %SystemRoot%\System32\mshtml.dll mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll mk@CLSID = C:\WINNT\system32\urlmon.dll ms-its@CLSID = C:\WINNT\system32\ITSS.DLL res@CLSID = %SystemRoot%\System32\mshtml.dll sysimage@CLSID = %SystemRoot%\System32\mshtml.dll vbscript@CLSID = %SystemRoot%\System32\mshtml.dll vnd.ms.radio@CLSID = C:\WINNT\System32\msdxm.ocx HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BC84508-C772-4385-91D7-9102AFF7306E} /*Connessione alla rete locale (LAN) 2*/ >>> @IPAddress82.56.122.187 = 82.56.122.187 @NameServer = @DefaultGateway82.56.122.187 = 82.56.122.187 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>> 000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll 000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000016@PackedCatalogItem = %SystemRoot%\system32\msafd.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@PackedCatalogItem = %SystemRoot%\system32\msafd.dll C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = ATI CATALYST System Tray.lnk ---- EOF - GMER 1.0.11 ----

Citazione:

Incident Status Location Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\WINNT\system32\dhcp\bootdrv.dll Potentially unwanted tool:Application/HideApp.A Not disinfected C:\WINNT\system32\dhcp\hideapp.exe Potentially unwanted tool:Application/PrcView.A Not disinfected C:\WINNT\system32\dhcp\libparse.exe Hacktool:HackTool/Scansql.B Not disinfected C:\WINNT\system32\dhcp\sqlpass.dic Potentially unwanted tool:Application/ToolWget Not disinfected C:\WINNT\system32\dhcp\wget.exe Virus:W32/Akbot.T.worm Disinfected C:\WINNT\system32\hqghumea.dll Adware:Adware/SystemDoctor Not disinfected C:\WINNT\176228241166.exe Virus:W32/Sdbot.IFP.worm Disinfected C:\WINNT\eraseme_86256.exe Virus:Trj/SecurityDown.A Disinfected C:\Documents and Settings\Max1\Desktop\DellDsk.zip[DellDsk.exe] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Max1\Cookies\max1@toplist[1].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Max1\Cookies\max1@tradedoubler[2].txt Adware:Adware/Maxifiles Not disinfected C:\Programmi\File comuni\{E421B49B-06B3-1040-0830-010501110027}\Update.exe Adware:Adware/Mytoolbar Not disinfected C:\Programmi\ToolBar888\MyToolBar.dll Adware:Adware/Mytoolbar Not disinfected C:\Programmi\ToolBar888\Activate.exe Adware:Adware/IconAds Not disinfected C:\Programmi\ToolBar888\Uninst.exe

Citazione:

Logfile of HijackThis v1.99.1 Scan saved at 8:39:27 PM, on 9/18/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\Norton Internet Security\NISUM.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Norton Internet Security\ccPxySvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\soundman.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINNT\system32\Linksts.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\D4\D4.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rundll32.exe C:\Programmi\File comuni\{E421B49B-06B3-1040-0830-010501110027}\Update.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\aws32.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rundll32.exe C:\Documents and Settings\Max1\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024 O4 - HKLM\..\Run: [Microsoft Explorer] msl.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [timlib] rundll32.exe C:\WINNT\system32\timlib.dll,start O4 - HKLM\..\Run: [bthsvc] rundll32.exe C:\WINNT\system32\bthsvc.dll,start O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122736782765 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

[Paolo333]

Ecco cosa mi compare al riavvio. Anche se clicco "annulla", vengo reindirizzato sul sito

Cosa devo fare.

Sono riuscito ad eliminare il Trojan Downloader Generic2.NUA (...almeno mi sembra perchè dopo averlo trovato e cestinato AVG non lo rileva più), mentre lp3.ksa si trova nella cartella di WINNT\system32, ma non riesco a portarlo nel cestino. quando cerco di trascinarlo, mi compare un messaggio con scritto: Impossibile eliminare lp3. impossibile trovare il file specificato

Grazie

[holifay]

mmmmmm

Allora, vediamo un po´ i log che hai postato li hai fatti prima o dopo le nuove infezioni? Avevi il firewall disattivato?. Se i log di GMER li hai fatti prima delle nuove infezioni, ti chiedo di rifarli. In ogni caso fai prima quanto segue:

Scarica sysprotect (da atribune), avvialo e clicca su Remove Now

Scaricati sul desktop VundoFix.EXE
. chiudi tutte le finestre prima di continuare
. esegui il file VundoFix.exe
. premi Scan for Vundo e poi, se trova qualcosa, premi Remove Vundo
. se ti verrà chiesto di spegnere il pc, dai l´OK

Al riavvio, apri HijackThis ed elimina queste voci (se presenti):
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Microsoft Explorer] msl.exe
O4 - HKLM\..\Run: [timlib] rundll32.exe C:\WINNT\system32\timlib.dll,start
O4 - HKLM\..\Run: [bthsvc] rundll32.exe C:\WINNT\system32\bthsvc.dll,start

Avvia il file avenger.exe
Seleziona l'opzione Input Script Manually
Clicca sulla lente di ingrandimento

Ti si apre una finestra View/edit script
All'interno del box bianco,copia e incolla le scritte in rosso:

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\delldsk
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1C

files to delete:
C:\WINNT\system32\Lpt3.ksa
C:\WINNT\176228241166.exe
C:\WINNT\system32\aws32.exe
C:\WINNT\system32\timlib.dll
C:\WINNT\system32\bthsvc.dll

folders to delete:
C:\Programmi\ToolBar888
C:\Programmi\File comuni\{E421B49B-06B3-1040-0830-010501110027}


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


posta il contenuto di questi file:
- c:\avenger.txt
- c:\vundofix.txt (se hai usato vundofix)

Un nuovo log di HijackThis

[Paolo333]

Holifay,

Il programma Hijackthis viene chiuso in modo automatico, appena finita la scansione con il seguente messaggio:

Errore dell'applicazione
Hijackthis.exe ha provocato errori e verrà chiuso. Sarà necessario riavviare il programma
Creazione del registro errori in corso.

I problemi che ho attualmente sono relativi alla navigazione
Quando attivo un motore di ricerca, mi si apre la solita finestra di pop up di cui sopra, anche se non visualizza nulla perchè ho inserito il sito in questione, tra quelli con restrizioni
Anche quando navigo normalmente sul un qualsiasi sito ad un certo punto (non sempre), scompare la barra delle applicazioni di windows e tutti gli oggetti sul desktop, dopodichè mi si riapre ma con meno icone sulla barra e talvolta (non sempre) cade la connessione

Ecco i log che mi hai richiesto:

Citazione:

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\uxob^qgl ******************* Script file located at: \??\C:\Program Files\pqmghujp.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINNT\system32\Lpt3.ksa not found! Deletion of file C:\WINNT\system32\Lpt3.ksa failed! Could not process line: C:\WINNT\system32\Lpt3.ksa Status: 0xc0000034 File C:\WINNT\176228241166.exe not found! Deletion of file C:\WINNT\176228241166.exe failed! Could not process line: C:\WINNT\176228241166.exe Status: 0xc0000034 File C:\WINNT\system32\aws32.exe not found! Deletion of file C:\WINNT\system32\aws32.exe failed! Could not process line: C:\WINNT\system32\aws32.exe Status: 0xc0000034 File C:\WINNT\system32\timlib.dll not found! Deletion of file C:\WINNT\system32\timlib.dll failed! Could not process line: C:\WINNT\system32\timlib.dll Status: 0xc0000034 File C:\WINNT\system32\bthsvc.dll not found! Deletion of file C:\WINNT\system32\bthsvc.dll failed! Could not process line: C:\WINNT\system32\bthsvc.dll Status: 0xc0000034 Folder C:\Programmi\ToolBar888 not found! Deletion of folder C:\Programmi\ToolBar888 failed! Could not process line: C:\Programmi\ToolBar888 Status: 0xc0000034 Folder C:\Programmi\File comuni\{E421B49B-06B3-1040-0830-010501110027} deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Explorer failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\delldsk not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\delldsk failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1C not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1C failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

Il log di VundoFix riporta solo: No infected files were found.


Hijackthis:

Citazione:

Logfile of HijackThis v1.99.1 Scan saved at 10:16:59 AM, on 9/23/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINNT\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\soundman.exe C:\WINNT\system32\Linksts.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe C:\Programmi\D4\D4.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\WINNT\system32\internat.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\wuauclt.exe C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINNT\system32\taskmgr.exe C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Max1\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024 O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O12 - Plugin for .aspx: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122736782765 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Non dirmi che devo far riformattare il Pc per favore.......

Grazie comunque per l'aiuto

[Paolo333]

Ho lasciato il PC con la connessione avviata a internet per circa due ore, con l'EXPLORER chiuso, lavorando solo su programmi interni, WORD e simili.

Appena mi ha aperto EXPLORER, giusto il tempo di arrivare quì sul forum, e il PC si è piantanto dopo pochi click.

Le finestre dei programmi sono rimaste aperte, scomparsa la barra di WINDOWS, sono riuscito a malapena ad aprire il task manager per vedere che la CPU su EXPLORER.EXE era a 98%

Ho dovuto spegnere il PC manualmente (si è spento con il comando ARRESTO del SISTEMA, ma stranamente il PC è rimasto acceso)

Ogni aiuto....è il benvenuto

Sono rimasto solo?

[holifay]

Rispetto a prima la situazione è migliorata di parecchio

Da hijackThis, elimina anche questa voce:
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
Controlla se riesci ad eliminarla

Fai una scansione online con Panda e poi salva il report al termine e postalo qui.

Poi scarica GMER da www.gmer.net e fa due log, uno dal tab Rootkit, l´altro dal tab Autostart. Puoi copiarli premendo il tasto Copy e incollarli qui

[Smjert]

Trova e apri con Notepad il System.ini e controlla se è presente questa linea: shell=Explorer.exe C:\WINDOWS\SYSTEM\internat.exe
Fai la stessa cosa con Win.ini e vedi se c'è questa linea: run=C:\WINDOWS\SYSTEM\internat.exe
Vai sulla barra di avvio e clicca Start->Esegui e digita regedit (invio) e guarda se c'è questa chiave di registro: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\KeyConfig
Molto probabilmente ti sei preso un backdoor, precisamente questo Backdoor.AntiLam.20.K .
Fai un unltimo sforzo per scrivere qua... non posso provedere finchè non sono sicuro che tu lo abbia (perchè internat potrebbe essere un file legittimo).

[Paolo333]

Ti ringrazio molto per la tua disponibilità, Holifay

Con Hijackthis riesco solo a fare la scansione, ma poi come hai letto il programma si chiude subito dopo con il messaggio "Errore dell'applicazione - Creazione del registro...."

Ecco i log richiesti:

Scansione con Panda:


Incident Status Location

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\WINNT\system32\dhcp\bootdrv.dll
Potentially unwanted tool:Application/PrcView.A Not disinfected C:\WINNT\system32\dhcp\libparse.exe
Hacktool:HackTool/Scansql.B Not disinfected C:\WINNT\system32\dhcp\sqlpass.dic
Potentially unwanted tool:Application/ToolWget Not disinfected C:\WINNT\system32\dhcp\wget.exe




GMER al termine della scansione di Rootkit ha dato il messaggio: "GMER has found system modification caused by Rootkit activity"

Citazione:

GMER 1.0.11.11349 - http://www.gmer.net Rootkit 2006-09-23 19:08:25 Windows 5.0.2195 Service Pack 4 ---- System - GMER 1.0.11 ---- SSDT 81C99868 ZwAlertResumeThread SSDT 81C99948 ZwAlertThread SSDT 81C7E548 ZwAllocateVirtualMemory SSDT 81C92C08 ZwConnectPort SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwCreateKey SSDT 81C995C8 ZwCreateMutant SSDT 81C7E728 ZwCreateThread SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteKey SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteValueKey SSDT 81C7E368 ZwFreeVirtualMemory SSDT 81C996A8 ZwImpersonateAnonymousToken SSDT 81C99788 ZwImpersonateThread SSDT 81C7E268 ZwMapViewOfSection SSDT 81C994E8 ZwOpenEvent SSDT 81C7E648 ZwOpenProcessToken SSDT 81C99E08 ZwOpenThreadToken SSDT 81C993E8 ZwQueryValueKey SSDT 81C82D28 ZwResumeThread SSDT 81C99D28 ZwSetContextThread SSDT 81C99EE8 ZwSetInformationProcess SSDT 81C99C48 ZwSetInformationThread SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwSetValueKey SSDT 81C99A88 ZwSuspendThread SSDT 81C7E828 ZwTerminateProcess SSDT 81C99B68 ZwTerminateThread SSDT 81C99FC8 ZwUnmapViewOfSection SSDT 81C7E448 ZwWriteVirtualMemory ---- Processes - GMER 1.0.11 ---- Process svchost.exe (*** hidden *** ) [500] 817F7B60 Process services.exe (*** hidden *** ) [288] 8181F020 Process SNDSrvc.exe (*** hidden *** ) [820] 81747020 Process ccSetMgr.exe (*** hidden *** ) [576] 817C6D60 Process ccProxy.exe (*** hidden *** ) [564] 817CF940 Process ccEvtMgr.exe (*** hidden *** ) [272] 817225A0 Process svchost.exe (*** hidden *** ) [592] 817BC020 Process pppoeservice.ex (*** hidden *** ) [748] 81758D60 Process csrss.exe (*** hidden *** ) [240] 81A49D60 Process winlogon.exe (*** hidden *** ) [236] 8182CD60 Process lsass.exe (*** hidden *** ) [300] 8181E240 Process System (*** hidden *** ) [8] 8203F960 Process EnterNet.exe (*** hidden *** ) [2272] 812EC020 Process smss.exe (*** hidden *** ) [216] 81A80D60 Process Ati2evxx.exe (*** hidden *** ) [416] 81806D60 Process spoolsv.exe (*** hidden *** ) [524] 817D72A0 Process navapsvc.exe (*** hidden *** ) [648] 8178C020 Process MSTask.exe (*** hidden *** ) [772] 8174E520 Process ALUSchedulerSvc (*** hidden *** ) [952] 81722020 Process symlcsvc.exe (*** hidden *** ) [932] 8172EBA0 Process svchost.exe (*** hidden *** ) [1020] 81715C40 Process SPBBCSvc.exe (*** hidden *** ) [872] 8173A260 Process Ati2evxx.exe (*** hidden *** ) [1344] 81705020 Process mgabg.exe (*** hidden *** ) [620] 81796020 Process regsvc.exe (*** hidden *** ) [784] 817522A0 Process WinMgmt.exe (*** hidden *** ) [1656] 815DDD60 Process NSCSRVCE.EXE (*** hidden *** ) [1944] 8134C7C0 ---- EOF - GMER 1.0.11 ----

Citazione:

GMER 1.0.11.11349 - http://www.gmer.net Autostart 2006-09-23 19:10:15 Windows 5.0.2195 Service Pack 4 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINNT\SYSTEM32\Userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> AtiExtEvent@DLLName = Ati2evxx.dll awtqo@DLLName = C:\WINNT\system32\awtqo.dll wzcnotif@DLLName = wzcdlg.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe ATI Smart /*ATI Smart*/@ = C:\WINNT\system32\ati2sgag.exe ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe" ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe" ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe" MGABGEXE /*MGABGEXE*/@ = %SystemRoot%\system32\mgabg.exe navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe" PPPoEService /*PPPoE Service*/@ = C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe RemoteRegistry /*Servizio Registro di sistema remoto*/@ = %SystemRoot%\system32\regsvc.exe Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\system32\MSTask.exe SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe" SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe" Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe Symantec Core LC /*Symantec Core LC*/@ = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe" Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @SoundMansoundman.exe = soundman.exe @ISDN MonitorLinksts.exe W 1024 = Linksts.exe W 1024 @ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe @ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime @UpdateC:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER /*file not found*/ = C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER /*file not found*/ @ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" @SSC_UserPromptC:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe = C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe @Dimension4C:\Programmi\D4\D4.exe = C:\Programmi\D4\D4.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run >>> @delldsk"c:\winnt\delldsk.exe" /*file not found*/ = "c:\winnt\delldsk.exe" /*file not found*/ @1C:\WINNT\service32.exe /*file not found*/ = C:\WINNT\service32.exe /*file not found*/ HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @SpybotSD TeaTimerC:\Programmi\Spybot - Search & Destroy\TeaTimer.exe = C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe @internat.exeinternat.exe = internat.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll @{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll @{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll @{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Unbind*/C:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL = C:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL @{4A741382-48B4-11d2-AD84-00A024D24BF3} /*Matrox PowerDesk Properties*/C:\WINNT\system32\PDesk\PDPAGES.DLL = C:\WINNT\system32\PDesk\PDPAGES.DLL @{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a² Context Menu Shell Extension*/(null) = @{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) = @{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) = @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll @{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll @{8ACBA415-FA70-4BA0-A1EC-3B9F45C6AD60}C:\WINNT\system32\awtqo.dll = C:\WINNT\system32\awtqo.dll @{9ECB9560-04F9-4bbc-943D-298DDF1699E1}C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll = C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll @{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll @{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}C:\WINNT\system32\cyohfeii.dll /*file not found*/ = C:\WINNT\system32\cyohfeii.dll /*file not found*/ HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\system32\sstext3d.scr HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.aspx@Location = C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pageabout:blank = about:blank @Local PageC:\WINNT\SYSTEM32\blank.htm = C:\WINNT\SYSTEM32\blank.htm HKLM\Software\Classes\PROTOCOLS\Handler\ >>> its@CLSID = C:\WINNT\system32\ITSS.DLL mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll ms-its@CLSID = C:\WINNT\system32\ITSS.DLL vnd.ms.radio@CLSID = C:\WINNT\System32\msdxm.ocx HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BC84508-C772-4385-91D7-9102AFF7306E} /*Connessione alla rete locale (LAN) 2*/ >>> @IPAddress87.2.179.85 = 87.2.179.85 @NameServer = @DefaultGateway87.2.179.85 = 87.2.179.85 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll 000000000016@PackedCatalogItem = %SystemRoot%\system32\msafd.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@PackedCatalogItem = %SystemRoot%\system32\msafd.dll C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = ATI CATALYST System Tray.lnk ---- EOF - GMER 1.0.11 ----

[/quote]

[Paolo333]

I problemi sorgono solo con l'apertura di explorer e con la successiva navigazione

Se non uso explorer, non ho alcun tipo di problema sul PC

Deve essere rimasto qualche residuo del Clicker.CVF, che entra in azione ogni volta che avvio explorer

Prima si è aperta la finestra del sito di cui ho postato nelle pagine precedenti l'immagine (questa volta è sfuggita ai siti con restrizioni), dopodichè scompare la barra degli strumenti di windows, che riappare dopo qualche secondo ma con molte meno icone dei programmi avviati in start up.

La connessione non sempre cade, anzi il più delle volte rimane

Non capisco perchè dopo la scansione, Hijackthis si chiude nell'istante stesso in cui termina il processo, segnalando un errore dell'applicazione
Quando abbiamo iniziato a risolvere i problemi, funzionava regolarmente

[chemicalbit]

[holifay]

Apri l´editor del registro di sistema (regedit.exe)

Naviga fino a questa chiave:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Vai sul pannello di destra e cancella le voci
delldsk (punta a c:\winnt\delldsk.exe già cancellato)
1 (C:\WINNT\service32.exe già cancellato)

Poi naviga fino a questa chiave:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

e allo stesso modo cancella:
{8ACBA415-FA70-4BA0-A1EC-3B9F45C6AD60}
{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}

Poi riavvia e dopo il riavvio cancella:
C:\WINNT\system32\awtqo.dll questa me la mandi a www.suspectfile.com indicando per holifay?
C:\WINNT\system32\cyohfeii.dll

Se vuoi prova di nuovo ad usare Avenger, con questo script:

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ACBA415-FA70-4BA0-A1EC-3B9F45C6AD60}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\delldsk
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1

files to delete:
C:\WINNT\system32\awtqo.dll
C:\WINNT\system32\cyohfeii.dll

Poi però se usi avenger posta il suo log perchè se non è riuscito dvvrai eliminarli manualmente come sopra.

Vedi un po´ se adesso migliora la situazione

[Paolo333]

[Paolo333]

Holifay,

Non ci posso credere!

Incrociamo le dita, ma sto navigando senza problemi
Le pagine di Internet Explorer si aprono alla velocità della luce, e nessun pop up!

Continuo a navigare poi ti riferisco

Grazie!

[Paolo333]

Dopo ore di navigazione va tutto bene.

Non so se abbiamo eliminato tutto, ma i problemi sembrano proprio risolti

Grazie infinite holifay

[holifay]

eh eh, abbiamo avuto fortuna!

La dll che ti ho fatto cancellare, è associata al trojan Vundo, uno dei più difficili da rimuovere. Speravo che il vundofix di Atribune facesse il suo dovere, ma evidentemente non la riconosceva.

Adesso non dovresti avere più trojan attivi, fai comunque una scansione online con Kaspersly per eliminare eventuali residui

Ciao