[win XP] pagine che si aprono da sole...

[turbo974]

Quote:

Originariamente inviato da Chill-Out

credo di non aver capito, sii più esplicito

dicevo solo che per questa sera basta con tool vari.
riprendo domani sto facendo un po di fumo

[Chill-Out]

Quote:

Originariamente inviato da turbo974

dicevo solo che per questa sera basta con tool vari.
riprendo domani sto facendo un po di fumo

a ecco credevo di aver capito che dopo tutto stò sbattimento volevi formattare

[turbo974]

ahahah giuro che ci avevo pensato.
ma credo che nn ce ne sia piu bisogno.almeno spero!!!

[turbo974]

io avrei un piccolo problema....

[turbo974]

all'avvio il pc mi chiede se modificare quella voce di registro fix...
io da vero sveltone ho pensato di cancellarla per ovviare a questo ma all'avvio mi dice che nn è possibile trovare la voce di registro.
sicuramente è una stupidagine ma al momento mi sfugge

[Nuz]

Cerca di darci più informazioni, chi ti da quel messaggio? Riesci a fare uno screenshot e upparlo su www.zshare.net?

[turbo974]

ciao nuz.praticamente la voce che mi cerca è quella che mi ha fatto creare chill-out.
credo che dovrò aspettare lui per risolvere.

[Nuz]

Quote:

Originariamente inviato da turbo974

ciao nuz.praticamente la voce che mi cerca è quella che mi ha fatto creare chill-out.
credo che dovrò aspettare lui per risolvere.

L'avevo capito, però volevo vedere il messaggio di errore.

[turbo974]

il problema è che il msg arriva prima che carichi il desktop quindi icone e barra.

[turbo974]

ora ho rimesso la voce di registro in c:/ e all'avvio mi chiede se apportare quelle modifiche al registro.

[Chill-Out]

metti fix.reg sul DeskTop tasto dx del mouse - clicca su unisci

cancella fix.reg salvato in C:\

[turbo974]

ciao.nn ho ben capito ora ti spiego come ho fatto:
ho copiato il file reg sul desktop poi ho clikkato col destro e ho fatto unisci e ho cancellato il file reg che stava su c:.
ma nn cambia nulla

[Chill-Out]

Domanda:
ieri sera dopo aver inserito lo script in Avenger hai riavviato -> presumo di SI
il problema al riavvio non si è presentato, se no l'avresti fatto subito presente

il problema si è presentato dopo la cancellazione del file fix.reg salvato in C:\ ?

[turbo974]

no oggi quando ho acceso il pc

[Nuz]

Apri HiJackThis, clicca su Open the misc tools, c'è Generate Startup list, ora metti il segno di spunta alle due caselle a fianco e clicca su Generate Startup list. Allega il log.

[Chill-Out]

e allora c'è qualcosa che non mi quadra e possibile avere uno screenshot dell' errore o la dicitura esatta dell'errore stesso

[turbo974]

Codice:

StartupList report, 18/12/07, 9.59.49  
StartupList version: 1.52.2
Started from : C:\Programmi\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Marco\Menu Avvio\Programmi\Esecuzione automatica]
Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry value not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAX = C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
AGRSMMSG = AGRSMMSG.exe
avgnt = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
eabconfg.cpl = C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
hpWirelessAssistant = C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Apoint = C:\Programmi\Apoint2K\Apoint.exe
SoundMAXPnP = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
ATIPTA = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Adobe Reader Speed Launcher = C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite = "C:\Programmi\DAEMON Tools\daemon.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
 = 

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[1173]
rdghchuh = "C:\fix.reg"

[373362]
rdg = "C:\"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor del Registro di sistema'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\RadioItalia\tbRad1.dll - {0aaeaede-aefd-4672-a764-5c5c037612a2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[NanoInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll
CODEBASE = http://www.nanoscan.com/cabs/nanoinst.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Driver ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)
Driver del controller integrato Microsoft: system32\DRIVERS\ACPIEC.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Eliminatore di eco acustico del kernel Microsoft: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
Avvisi: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Servizio Gateway di livello applicazione: %SystemRoot%\System32\alg.exe (manual start)
AntiVir PersonalEdition Classic Scheduler: "C:\Programmi\AntiVir PersonalEdition Classic\sched.exe" (autostart)
AntiVir PersonalEdition Classic Guard: "C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe" (autostart)
Alps Pointing-device Filter Driver: system32\DRIVERS\Apfiltr.sys (manual start)
Gestione applicazione: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocollo client ARP 1394: system32\DRIVERS\arp1394.sys (manual start)
Servizio stato di ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
Driver per supporti asincroni RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controller disco rigido IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATITool Overclocking Utility: system32\DRIVERS\ATITool.sys (system)
atksgt: system32\DRIVERS\atksgt.sys (autostart)
Protocollo client ARP ATM: system32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver stub audio: system32\DRIVERS\audstub.sys (manual start)
avgio: \??\C:\Programmi\AntiVir PersonalEdition Classic\avgio.sys (system)
avgntflt: \??\C:\Programmi\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)
avipbb: system32\DRIVERS\avipbb.sys (system)
Servizio trasferimento intelligente in background: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Browser di computer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Mobiola Web Camera driver: system32\DRIVERS\BTCamDrv.sys (manual start)
Driver di comunicazioni virtuali Bluetooth: system32\DRIVERS\btport.sys (manual start)
Enumeratore bus Bluetooth: system32\DRIVERS\btkrnl.sys (manual start)
Bluetooth Service: C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (autostart)
WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
Decoder sottotitoli codificati: system32\DRIVERS\CCDECODE.sys (manual start)
Driver del CD-ROM: system32\DRIVERS\cdrom.sys (system)
Servizio di indicizzazione: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Driver scheda AC Microsoft: system32\DRIVERS\CmBatt.sys (manual start)
Driver della batteria composita Microsoft: system32\DRIVERS\compbatt.sys (system)
Applicazione di sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Utilità di avvio processo server DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver del disco: system32\DRIVERS\disk.sys (system)
DK2 WindowsNT Driver: \??\C:\WINDOWS\system32\Drivers\dk2drv.sys (autostart)
Servizio amministrativo di Gestione disco logico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sintetizzatore DLS Microsoft Kernel: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Decodificatore audio DRM del kernel Microsoft: system32\drivers\drmkaud.sys (manual start)
DVB-T Receiver: System32\Drivers\DTV_Capture_2X0.sys (manual start)
DVB-T Loader: System32\Drivers\DTV_Loader_2X1.sys (manual start)
EABFiltr: \??\C:\WINDOWS\system32\drivers\EABFiltr.sys (system)
eabusb: \??\C:\WINDOWS\system32\drivers\eabusb.sys (manual start)
ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys (manual start)
Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Sistema di eventi COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilità di Cambio rapido utente: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Driver archiviazione volumi: system32\DRIVERS\ftdisk.sys (system)
giveio: system32\giveio.sys (system)
gmer: System32\DRIVERS\gmer.sys (manual start)
Utilità di classificazione pacchetti generica: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver di classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
HP WMI Interface: C:\Programmi\HPQ\shared\hpqwmi.exe (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Driver di porta mouse PS/2 e tastiera i8042: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Driver filtro masterizzazione CD: system32\DRIVERS\imapi.sys (system)
Servizio COM di masterizzazione CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Driver processore Intel: system32\DRIVERS\intelppm.sys (system)
Driver Windows Firewall IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)
Driver filtro traffico IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver tunnel IP in IP: system32\DRIVERS\ipinip.sys (manual start)
Traduttore indirizzi di rete IP: system32\DRIVERS\ipnat.sys (manual start)
Driver IPSEC: system32\DRIVERS\ipsec.sys (system)
Servizio enumeratore infrarossi: system32\DRIVERS\irenum.sys (manual start)
Driver bus PnP ISA/EISA: system32\DRIVERS\isapnp.sys (system)
ithsgt: system32\DRIVERS\ithsgt.sys (autostart)
Driver classe tastiera: system32\DRIVERS\kbdclass.sys (system)
Driver di tastiera HID: system32\DRIVERS\kbdhid.sys (system)
Mixer wave audio del kernel Microsoft: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
lilsgt: system32\DRIVERS\lilsgt.sys (autostart)
lirsgt: system32\DRIVERS\lirsgt.sys (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
lnhewvvrgcpc: system32\drivers\lnhewvvrgcpc.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
mf: system32\DRIVERS\mf.sys (manual start)
MidiSyn: system32\drivers\MidiSyn.sys (manual start)
Condivisione desktop remoto di NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (disabled)
Driver classe mouse: system32\DRIVERS\mouclass.sys (system)
Driver di mouse HID: system32\DRIVERS\mouhid.sys (manual start)
Redirector del client WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy di servizio di flusso Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy clock di flusso Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy di gestione qualità di flusso Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver BIOS Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Convertitore a T/Sito a sito per flusso Microsoft: system32\drivers\MSTEE.sys (manual start)
Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
NBService: C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
Connesione TV/Video Microsoft: system32\DRIVERS\NdisIP.sys (manual start)
Driver TAPI NDIS di accesso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocollo I/O modalità utente su NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Driver WAN NDIS di accesso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Interfaccia NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios su Tcpip: system32\DRIVERS\netbt.sys (system)
DDE di rete: %SystemRoot%\system32\netdde.exe (disabled)
DDE DSDM di rete: %SystemRoot%\system32\netdde.exe (disabled)
Accesso rete: %SystemRoot%\system32\lsass.exe (manual start)
Connessioni di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Notebook Hardware Control Driver: \??\C:\WINDOWS\system32\drivers\nhcDriver.sys (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe" (manual start)
Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start)
Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start)
Nokia USB Port: system32\drivers\nmwcdcj.sys (manual start)
Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start)
Provider supporto protezione LM NT: %SystemRoot%\system32\lsass.exe (disabled)
Archivi rimovibili: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver filtro traffico IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver inoltratore traffico IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
O&O Defrag: C:\WINDOWS\system32\oodag.exe (autostart)
Controller host Texas Instruments IEEE 1394 compatibile OHCI: system32\DRIVERS\ohci1394.sys (system)
Driver bus PCI: system32\DRIVERS\pci.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Utilità di pianificazione pacchetti QoS: system32\DRIVERS\psched.sys (manual start)
Driver Direct Parallel Link: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver connessione automatica Accesso remoto: system32\DRIVERS\rasacd.sys (system)
Auto Connection Manager di Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Connection Manager di Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver PPPOE di accesso remoto: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Gestione sessione di assistenza mediante desktop remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver filtro riproduzione CD-ROM audio digitale: system32\DRIVERS\redbook.sys (system)
Routing e Accesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
RPC Locator: %SystemRoot%\system32\locator.exe (manual start)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtlnicxp.sys (manual start)
Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139: system32\DRIVERS\RTL8139.SYS (manual start)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
SDTHOOK: System32\DRIVERS\SDTHOOK.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
%Serenum.SVCDESC%: system32\DRIVERS\serenum.sys (manual start)
%Serial.SVCDESC%: system32\DRIVERS\serial.sys (system)
Windows Firewall / Condivisione connessione Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Q-TEC WEBCAM 100 USB: system32\DRIVERS\pfc027.sys (manual start)
SoundMAX Agent Service: C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe (autostart)
speedfan: system32\speedfan.sys (system)
Frazionatore audio del kernel Microsoft: system32\drivers\splitter.sys (manual start)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Driver filtro Ripristino configurazione di sistema: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
Servizio Ripristino configurazione di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Servizio di rilevamento SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssmdrv: system32\DRIVERS\ssmdrv.sys (system)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Driver bus software: system32\DRIVERS\swenum.sys (manual start)
Sintetizzatore Wavetable GS kernel Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{39C6DCA7-BCE1-431A-8048-9EFC84B5C498} (manual start)
Periferica audio di sistema Microsoft Kernel: system32\drivers\sysaudio.sys (manual start)
Avvisi e registri di prestazioni: %SystemRoot%\system32\smlogsvc.exe (disabled)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver protocollo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Driver della periferica terminale: system32\DRIVERS\termdd.sys (system)
Servizi terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Tetris driver: System32\Drivers\Tetris.sys (manual start)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tifm21: system32\drivers\tifm21.sys (manual start)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Driver aggiornamento microcodice: system32\DRIVERS\update.sys (manual start)
Host di periferiche Plug and Play universali: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Gruppo di continuità: %SystemRoot%\System32\ups.exe (manual start)
Driver principale generico USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
Driver Miniport controller enhanced host USB 2.0 Microsoft: system32\DRIVERS\usbehci.sys (manual start)
Hub abilitato USB2: system32\DRIVERS\usbhub.sys (manual start)
Classe stampanti USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)
Driver scanner USB: system32\DRIVERS\usbscan.sys (manual start)
Driver archiviazione di massa USB: system32\DRIVERS\USBSTOR.SYS (manual start)
Driver Miniport Controller Universal Host USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)
Servizio Messenger Sharing Folders USN Journal Reader: "C:\Programmi\MSN Messenger\usnsvc.exe" (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Copia replicata del volume: %SystemRoot%\System32\vssvc.exe (manual start)
Driver di Intel(R) PRO/Wireless 2200BG Network Connection Driver per Windows XP: system32\DRIVERS\w29n51.sys (manual start)
Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver ARP IP di accesso remoto: system32\DRIVERS\wanarp.sys (manual start)
Driver di compatibilità audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Programmi\Windows Live\installer\WLSetupSvc.exe" (manual start)
Servizio Numero di serie per dispositivi multimediali portatili: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Strumentazione gestione Microsoft Windows per ACPI: system32\DRIVERS\wmiacpi.sys (system)
Scheda WMI Performance: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Centro sicurezza PC: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Codec World Standard Teletext: system32\DRIVERS\WSTCODEC.SYS (manual start)
Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
xgavjwtipskw: system32\drivers\xgavjwtipskw.sys (manual start)
xhlvtflfpton: system32\drivers\xhlvtflfpton.sys (manual start)
Servizio Provisioning di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
xodadsfvklgq: system32\drivers\xodadsfvklgq.sys (manual start)
xxhiruuodjas: system32\drivers\xxhiruuodjas.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Programmi\HPQ\Shared\hpqwmi.events|||h

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 37.215 bytes
Report generated in 0,078 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

[Nuz]

Eccolo dove è finito:

Quote:

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[1173]
rdghchuh = "C:\fix.reg"

[373362]
rdg = "C:\"

Apri il registro. Start->esegui, inserisci regedit e dai invio.
Vai alla voce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Cliccaci sopra e fai esporta così crei un backup.

Poi rimuovi le due voci:

rdghchuh = "C:\fix.reg
rdg = "C:\"

[turbo974]

e che faccio?

[Chill-Out]

Quote:

Originariamente inviato da Nuz

Eccolo dove è finito:

come ha fatto ha finire li