Olimpo Informatico

[svasato]

allora ho ritentato ad avviare Explorer ma no c'è verso , ci avevo pure provato anche ieri sera ma nulla mi dice : Impossibile trovare il file "Explorer.exe". verificare che il percorso eil nome del file siano corretti e riprovare...........

adesso vado con il fixxaggio delle voci che mi hai suggerito e ti riposto il log

[svasato]

Dunque :
-Ho fixxato le voci che mi hai consigliato

-Ho cancellato C:\haliacggia\fggfdg.exe ....ma era la versione camuffata di hjt...comunque adesso funziona la normale

-ecco i log di GMER:

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2007-03-29 12:30:57
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@preloadC:\Windows\RUNXMLPL.exe = C:\Windows\RUNXMLPL.exe
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@Wbutton"C:\Programmi\Launch Manager\Wbutton.exe" = "C:\Programmi\Launch Manager\Wbutton.exe"
@epm-dmc:\acer\epm\epm-dm.exe = c:\acer\epm\epm-dm.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@eRecoveryServiceC:\Programmi\Acer\eRecovery\Monitor.exe = C:\Programmi\Acer\eRecovery\Monitor.exe
@ePowerManagementC:\Acer\ePM\ePM.exe boot = C:\Acer\ePM\ePM.exe boot

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Classes\.scr@ = AutoCADScript

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} /*EPM-PO Shell Extension*/epm-po.dll = epm-po.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{acb4a560-3606-11d3-aef4-00104bd0f92d} /*KodakShellExtension*/C:\Programmi\File comuni\KODAK\IFSCore\kodakshx.dll = C:\Programmi\File comuni\KODAK\IFSCore\kodakshx.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{E976844F-E7A7-41E1-B7DF-6FDC48AE2C57} /*MJ2Desc Shell Extension*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30DBF339-5D6B-4EEC-8B04-E7FD92828B08} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.2 = 192.168.0.2
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

---- EOF - GMER 1.0.11 ----




GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2007-03-29 12:39:23
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.11 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8235BC4C
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8212D820
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8212D820
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 820B3D68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 820B3D68
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81FE0DDC
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 821D50E4
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 821D6364
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8235BC4C
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 821DF05C
Device \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer IRP_MJ_READ 821DF05C
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 821DF05C
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 821DF05C
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 821DF05C
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 821B680C

---- Modules - GMER 1.0.11 ----

Module _________ F82A5000

---- EOF - GMER 1.0.11 ----



la scanzione online con Kaspersky non l'ho ancora fatta ( la connessione è un pò lenta , 56K, ma ci provo)

[svasato]

nemmeno la scansione online di Kaspersky a dato risultati , non ha trovato nulla .....

in compenso la stavo facendo fare anche su quest'altro pc .... al 26% della procedura ha gia trovato 1 number of viruses found ...e 4 number of infected objects.... ma questo è un altro problema !!!!



Adesso che mi consigliate ?

premetto che il martello è sempre a portata di mano ...

Comunque vada volevo ringraziarvi tanto per l'aiuto che mi state dando...
e se non ci sarà altra soluzione che formattare (io odio formattare) vorra dire che almeno ho conosciuto delle persone con i c*****oni quadrati!!!!!


P.S. non è che magari ho fatto io qualche casino ?

[svasato]

Cosa mi consigliate tra
- un picchetto d'argento

- una collana di aglio

- una bacinella di acqua santa

[chemicalbit]

[Orange]

ciao!
tutte le cose sopra citate ( vedi martello, collana d'aglio ecc..) potrebbero anche esorcizzare il PC...

[svasato]

X Chemicalbit

Si effettivamente il probema di quest'altro pc adesso lo sto tenendo da parte
altrimenti come faccio a sistemare quello!!!!

X Orange

Le prove con il task per avviare explorer sono miseramente fallite...

per quanto riguarda la chiave HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image file execution options
il valore c:\windows\system32\ikpleidw.ver
non esiste più

P.S.
poi magari mi documento su come fare le citacioni cosi rendo più leggibile il post, scusate ma sono un pò impedito!

[Orange]

ora me la sto prendendo con quel virus a livello personale...

entra nel registro. trova questa chiave
HK_LOCAL MACHINE/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENT VERSION/WINLOGON
doppio clic su Winlogon
trova nella finestra di destra SHELL
portami il suo valore

[svasato]

il valore di shell è REG_SZ Explorer.exe

[svasato]

Un pò di Frontline nello spazio tra i tasti ??????

magari lo uccido

[chemicalbit]

[svasato]

OK
mi fapiecere che " siamo in tre , tre biganti e tre somari sulla strada di girgenti.........."
Bando alle ciancie
ragazzi non so più che pesci pigliare !
apparte il fatto che non ho mai formattato\reinstallato su un portayile ( io odio formattare ........ mi sa tanto di sconfitta o cmq di prendere la via più semplice )

poi stasera credo di ever esagerato con il vino ... i dolcetti .... le bionde ( sigarette , che vi eravate creduti!!!)

cmq
Per la sotto chiave ...non esiste più ...nada....

poi per la citazione non ci sono riuscito ma visto il tasso alcolico è comprensibile ...... almeno credo ....o spero ......

il frontline ( chi ha aminali domestici ( cani gatti ) lo conscera sicuramente
trattasi di antiparassitario ad appliczione cutanea .


fate voi


qualche altro coniglio a proposito ?

[chemicalbit]

Un consiglio?

Non demordere!

il malaware penso che l'abbiamo totlo,
ora i tratta solo (?) di far riapr

Domanda forse banale.

In C:\WINDOWS ce l'hai explorer.exe ?


p.s.: alla salute!

[Orange]

ciao!

si và un'po a rilento perche ho inoltrato il problema alle persone che ne sanno piu di me.

il format ce lo teniamo per ultimo...

- Portati nel registro
- Raggiungi questa chiave:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- Seleziona Modifica / Nuovo / Valore DWORD
- Crea un nuovo valore e chiamalo NoDesktop.
- Imposta il valore 1, conferma l'operazione e riavvia il sistema (cosi il desktop è disabilitato)
- Per ripristinarlo adesso imposta il valore della chiave creata a 0 (o cancellala completamente)
Vedi se il desktop riappare

avevi detto che il ripristino era disabilitato o mi confondo con qualcun'altro?
....pero in quel modo facciamo risuscitare anche la "bestiola"......

[svasato]

Ciao Orange

Grazie per la pasienza ..

Il ripristino di configurazione era disabilitato quando mi sono reso conto che c'era qualcosa che non andava e lo riattivato. ma prima di chiedere il vostro aiuti .....

che faccio lo disabilito ?

per la procedura di disabilitazione del desktop l'ho eseguita

ho riavviato e non è cambiato nulla
ore elimo la chive che abbiao creato prima

....sono in diretta ...

No ..nulla ... è rimasto tutto uguale a prima

P.S. Ho notato questa cosa nella chiave di cui sopra :
Ci sono 2 valori è sono:
- (predefinito) REG_SZ (valore non impostato)
- NoDriveTypeAutoRun REG_BINARY 91 00 00 00

questa (la seconda ) mi ha colpito ....é normale ?
[url][IMG]http://im

[chemicalbit]

[svasato]

Allora che faccio ?

Uso il martello?? Dai fatemelo usare .... mi sta salendo una scimmia con sto pc ....che lo prenderei a morsi

[chemicalbit]

Una domandina, vediamos e riusciamo a ricavare qualcosa da qua:

questi file

[Orange]

[svasato]

Chemicalbit ha sritto: