Hardware Upgrade Forum, Antivirus and Security section. Thread: Help, I'm infected! What do I do?


Post #21, 14-08-2007 20:41
yanoama
Member
Joined: Aug 2007
Posts: 39
Quote:
Originally posted by sampei.nihira
Since the HijackThis log this user posted at the start comes out "clean at the source" even though the PC has several problems, I'll take the opportunity to point out a program (still in beta) that has already been highlighted on various websites:

http://www.runscanner.net/

It could be an occasion to try it.
But, I repeat, always with great caution.
Very interesting little program, I didn't know it; there certainly is a lot of new stuff to learn on this forum.

Bye
__________________
SAVE THE AMAZON
Post #22, 14-08-2007 20:47
nV 25
Banned
Joined: Jan 2003
City: Lucca
Posts: 9119
Quote:
Originally posted by sampei.nihira
...I'll take the opportunity to point out a program (still in beta) that has already been highlighted on various websites
Wilders... yesterday

Yes, it does look very interesting

Quote:
Originally posted by yanoama
Nv25, what do you say?
I'm less of an expert than you...
In any case I don't see anything serious in the log..

SynTP.sys *would seem* to be a Synaptics touchpad driver...
Is it in C:\Windows\System32\drivers?

Last edited by nV 25: 14-08-2007 at 20:52.
Post #23, 14-08-2007 21:14
Bugs Bunny
Senior Member
Joined: Aug 2005
City: Genoa
Posts: 3397
Quote:
Originally posted by Barbalbero
folders to delete:
%SystemDrive%:\Documents and Settings\%UserProfile%\Dati applicazioni\hidires
%SystemDrive%:\WINDOWS\exefld
Looking at the HJT log I'd say

Quote:
folders to delete:
%SystemDrive%:\Documents and Settings\%UserProfile%\Dati applicazioni\hidires
%SystemDrive%:\WINDOWS\exefnd
Post #24, 14-08-2007 22:11
Barbalbero
Registered User
Joined: Aug 2006
Posts: 305
Code:
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-08-14 23:09:56
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute =  /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostC:\WINDOWS\system32\logonuiX.exe = C:\WINDOWS\system32\logonuiX.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe" /*file not found*/
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe" /*file not found*/
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
EvtEng /*EvtEng*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
RegSrvc /*RegSrvc*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindServiceAE /*StarWind AE Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
StyleXPService /*StyleXPService*/@ = "C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@EPM-DMc:\acer\epm\epm-dm.exe = c:\acer\epm\epm-dm.exe
@ePowerManagementC:\Acer\ePM\ePM.exe boot = C:\Acer\ePM\ePM.exe boot
@{0228e555-4f9c-4e35-a3ec-b109a192b4c2}C:\Programmi\Google\Gmail Notifier\gnotify.exe = C:\Programmi\Google\Gmail Notifier\gnotify.exe
@LManagerC:\Programmi\Launch Manager\QtZgAcer.EXE = C:\Programmi\Launch Manager\QtZgAcer.EXE
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@drvsyskitC:\WINDOWS\system32\drivers\hidr.exe = C:\WINDOWS\system32\drivers\hidr.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe /*file not found*/ = C:\WINDOWS\system32\hldrrr.exe /*file not found*/
@german.exeC:\WINDOWS\system32\wintems.exe /*file not found*/ = C:\WINDOWS\system32\wintems.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) = 
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} /*EPM-PO Shell Extension*/epm-po.dll = epm-po.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@(null) = 
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) = 
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
MyPhoneExplorer@{2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E} = C:\Programmi\MyPhoneExplorer\DLL\ShellMgr.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{055FD26D-3A88-4e15-963D-DC8493744B1D}C:\PROGRA~1\ICQTOO~1\toolbaru.dll = C:\PROGRA~1\ICQTOO~1\toolbaru.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
@{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}C:\Programmi\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll = C:\Programmi\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A56CA5D-A513-48C8-89DB-62A90E5269AF} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.5 = 192.168.0.5
@NameServer192.168.0.1 = 192.168.0.1
@DefaultGateway192.168.0.1 = 192.168.0.1
@Domain = 

C:\Documents and Settings\Stefano\Menu Avvio\Programmi\Esecuzione automatica = Adobe Gamma.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk

---- EOF - GMER 1.0.13 ----
I installed Avast. I ran a scan before loading Windows. I loaded Windows and... magic... the Avast executable got "eaten" by the virus.
Post #25, 14-08-2007 23:02
yanoama
Member
Joined: Aug 2007
Posts: 39
Some infected files still seem to be present in your log; are you sure you followed the instructions in the megalab article to the letter???


Run a scan with Panda Anti-Rootkit
http://research.pandasoftware.com/bl...-Released.aspx

and with the Dr.Web tool I pointed you to earlier.

Bye
__________________
SAVE THE AMAZON

Last edited by yanoama: 14-08-2007 at 23:31.
Post #26, 15-08-2007 09:04
Barbalbero
Registered User
Joined: Aug 2006
Posts: 305
Quote:
Originally posted by nV 25
Wilders... yesterday

Yes, it does look very interesting


I'm less of an expert than you...
In any case I don't see anything serious in the log..

SynTP.sys *would seem* to be a Synaptics touchpad driver...
Is it in C:\Windows\System32\drivers?
I don't know where it is, but it's my touchpad

Code:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
As you can see, it's still deleting the Avast exes...
And what's that last line? iPod? I've never had that folder in Programmi (and I don't have it now either)...
Now I'll go on with the other suggestions
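The two logs above (the GMER autostart scan in #24 and the HijackThis O23 lines in #26) are read by eye in the thread. The Python below is an added example, not part of the thread and not code from GMER, HijackThis or RunScanner: it parses both line shapes and applies three checks a responder would otherwise do by hand: an autostart whose target the scanner reports as absent (the poster's disappearing avast components fall here, and so does the iPod service he asks about), an .exe registered under system32\drivers, a directory that holds kernel drivers rather than user-mode programs (the drvsyskit value launching hidr.exe), and a Run value named like an executable that launches a different one (german.exe launching wintems.exe). The sample input is a constructed excerpt of lines copied from the two posts; the parser, the rule set and the names parse_log, triage and flagged_names are this example's own assumptions.

```python
"""Triage of the autostart logs posted above (GMER scan in #24, HijackThis O23 lines in #26).

Added example: not part of the thread and not code from GMER, HijackThis or
RunScanner. The sample input is an excerpt of lines copied from the two posts;
the parser, the rules and the function names are assumptions of this example.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Line shapes exactly as the two tools render them in the posts above.
GMER_VALUE_RE = re.compile(r"^@(?P<left>.+?) = (?P<data>.+)$")
GMER_SERVICE_RE = re.compile(r"^(?P<svc>.+?)\s*(?:/\*(?P<display>.*?)\*/)?@ = (?P<data>.+)$")
HJT_O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<data>.+)$")
MISSING_MARKERS = ("/*file not found*/", "(file missing)")  # GMER and HijackThis, respectively

# Constructed sample: lines taken from the GMER and HijackThis output in this thread.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe" /*file not found*/
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe" /*file not found*/
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@drvsyskitC:\WINDOWS\system32\drivers\hidr.exe = C:\WINDOWS\system32\drivers\hidr.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe /*file not found*/ = C:\WINDOWS\system32\hldrrr.exe /*file not found*/
@german.exeC:\WINDOWS\system32\wintems.exe /*file not found*/ = C:\WINDOWS\system32\wintems.exe /*file not found*/

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""


@dataclass(frozen=True)
class Autostart:
    source: str    # "gmer-run", "gmer-service" or "hjt-o23"
    name: str      # registry value name or service name
    path: str      # image path as recorded in the registry
    missing: bool  # the scanner reported the file as absent from disk


def _clean_path(data: str) -> tuple[str, bool]:
    """Strip the tool's 'missing' marker, quotes and command-line arguments; keep the image path."""
    missing = any(marker in data for marker in MISSING_MARKERS)
    for marker in MISSING_MARKERS:
        data = data.replace(marker, "")
    data = data.strip()
    m = re.match(r'^"?(?P<p>.+?\.(?:exe|dll|sys|cpl))(?=["\s]|$)', data, re.I)
    return (m.group("p") if m else data), missing


def parse_log(text: str) -> list[Autostart]:
    """Collect Run values, services and O23 entries from a mixed GMER / HijackThis excerpt."""
    entries: list[Autostart] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(">>>"):            # GMER section header, e.g. "HKCU\...\Run >>>"
            section = line.rstrip("> ")
            continue
        if m := HJT_O23_RE.match(line):
            path, missing = _clean_path(m["data"])
            entries.append(Autostart("hjt-o23", m["name"], path, missing))
        elif section.endswith("\\Run") and (m := GMER_VALUE_RE.match(line)):
            # GMER prints "@<value name><data> = <data>": the name is the left side minus the data.
            left, data = m["left"], m["data"]
            name = left[: -len(data)] if left.endswith(data) else left
            path, missing = _clean_path(data)
            entries.append(Autostart("gmer-run", name, path, missing))
        elif section.endswith("\\Services\\") and (m := GMER_SERVICE_RE.match(line)):
            path, missing = _clean_path(m["data"])
            entries.append(Autostart("gmer-service", m["svc"], path, missing))
    return entries


def triage(text: str) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that deserves a closer look."""
    findings = []
    for e in parse_log(text):
        base = ntpath.basename(e.path).lower()
        if e.missing:
            findings.append((e.name, f"{e.source}: target file not found ({e.path}); "
                                     "an orphaned registration, or the binary was deleted"))
        if re.search(r"\\system32\\drivers\\[^\\]+\.exe$", e.path, re.I):
            findings.append((e.name, f"{e.source}: user-mode .exe under system32\\drivers, "
                                     "a directory that holds kernel drivers (.sys)"))
        if e.name.lower().endswith(".exe") and e.name.lower() != base:
            findings.append((e.name, f"{e.source}: value is named like an executable "
                                     f"but launches a different one ({base})"))
    return findings


def flagged_names(text: str) -> set[str]:
    return {name for name, _ in triage(text)}


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name:30} {reason}")
```

Feed it the complete logs rather than the excerpt. The checks are deliberately cheap and yield leads, not verdicts: a missing-file hit is what an uninstall leaves behind as much as what a binary deleted by malware leaves behind, and the script cannot tell the two apart on its own, so each hit still needs the file on disk, its signer and its timestamps examined before anything is removed.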
Post #27, 15-08-2007 09:15
Barbalbero
Registered User
Joined: Aug 2006
Posts: 305
Quote:
Originally posted by sampei.nihira
Since the HijackThis log this user posted at the start comes out "clean at the source" even though the PC has several problems, I'll take the opportunity to point out a program (still in beta) that has already been highlighted on various websites:

http://www.runscanner.net/

It could be an occasion to try it.
But, I repeat, always with great caution.
Nice software... I like it...
Code:
Runscanner logfile http://www.runscanner.net 

000 General info
----------------
Computer name : HAL9000
Type of scan : Full scan
RunScanner Version : 0.9.6.1
Creation time : 15/08/2007 9.53.48
User rights : Administrator
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
User Language : Italiano (Italia)
IE version : 7.0.5730.11
Windows folder : C:\WINDOWS
Hosts file location : %SystemRoot%\System32\drivers\etc
Hosts <> 127.0.0.1 : 0

001 Running processes
---------------------
c:\programmi\tgtsoft\stylexp\stylexpservice.exe
c:\programmi\intel\wireless\bin\evteng.exe (Intel Corporation)
c:\programmi\intel\wireless\bin\s24evmon.exe (Intel Corporation)
c:\acer\emanager\anbmserv.exe (OSA Technologies Inc.)
* c:\programmi\synaptics\syntp\syntplpr.exe (Synaptics, Inc.)
* c:\programmi\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
c:\programmi\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\acer\epm\epm-dm.exe (Acer Inc)
c:\programmi\google\gmail notifier\gnotify.exe (Google Inc.)
c:\programmi\launch manager\qtzgacer.exe (Dritek System Inc.)
* c:\programmi\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
c:\programmi\quicktime\qttask.exe (Apple Inc.)
c:\programmi\unlocker\unlockerassistant.exe
c:\programmi\widcomm\software bluetooth\bin\btwdins.exe (Broadcom Corporation.)
c:\programmi\intel\wireless\bin\regsrvc.exe (Intel Corporation)
c:\programmi\alcohol soft\alcohol 120\starwind\starwindserviceae.exe (Rocket Division Software)
c:\programmi\widcomm\software bluetooth\bttray.exe (Broadcom Corporation.)
* c:\documents and settings\stefano\desktop\runscanner.exe (Runscanner.net)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\programmi\synaptics\syntp\syntplpr.exe (Synaptics, Inc.)
* c:\programmi\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
c:\programmi\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\acer\epm\epm-dm.exe (Acer Inc)
c:\acer\epm\epm.exe (Acer Value Labs, Taiwan)
c:\programmi\google\gmail notifier\gnotify.exe (Google Inc.)
c:\programmi\launch manager\qtzgacer.exe (Dritek System Inc.)
* c:\programmi\java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
c:\programmi\quicktime\qttask.exe (Apple Inc.)
c:\programmi\unlocker\unlockerassistant.exe
- c:\progra~1\alwils~1\avast4\ashdisp.exe

004 C:\Documents and Settings\Stefano\Menu Avvio\Programmi\Esecuzione automatica
--------------------------------------------------------------------------------
c:\progra~1\fileco~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)

005 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
----------------------------------------------------------------------------------
c:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\widcomm\softwa~1\bttray.exe (Broadcom Corporation.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programmi\file comuni\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service)
c:\acer\emanager\anbmserv.exe (Notebook Manager Service)
- c:\programmi\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module)
- c:\programmi\alwil software\avast4\ashserv.exe (avast! Antivirus)
- c:\programmi\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
- c:\programmi\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\programmi\widcomm\software bluetooth\bin\btwdins.exe (Bluetooth Service)
c:\programmi\intel\wireless\bin\evteng.exe (EvtEng)
c:\programmi\file comuni\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)
- c:\programmi\ipod\bin\ipodservice.exe (Servizio iPod)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe (Net.Tcp Port Sharing Service)
c:\programmi\intel\wireless\bin\regsrvc.exe (RegSrvc)
c:\programmi\intel\wireless\bin\s24evmon.exe (Spectrum24 Event Monitor)
c:\programmi\alcohol soft\alcohol 120\starwind\starwindserviceae.exe (StarWind AE Service)
c:\programmi\tgtsoft\stylexp\stylexpservice.exe (StyleXPService)
- c:\programmi\file comuni\symantec shared\ccpd-lc\symlcsvc.exe (Symantec Core LC)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\aegisp.sys (AEGIS Protocol (IEEE 802.1x) v3.1.6.0)
* C:\WINDOWS\system32\drivers\anydvd.sys (AnyDVD)
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
* C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom 440x 10/100 Integrated Controller XP Driver)
C:\WINDOWS\system32\drivers\btaudio.sys (Periferica audio Bluetooth)
C:\WINDOWS\system32\drivers\btport.sys (Driver di comunicazioni virtuali Bluetooth)
C:\WINDOWS\system32\drivers\btkrnl.sys (Enumeratore bus Bluetooth)
- c:\windows\system32\drivers\btserial.sys (Bluetooth Serial Driver)
- c:\windows\system32\drivers\btslbcsp.sys (Bluetooth Port Client Driver)
C:\WINDOWS\system32\drivers\btwdndis.sys (Server di accesso alla rete LAN Bluetooth)
C:\WINDOWS\system32\drivers\btwhid.sys (Bluetooth Virtual HID Minidriver)
C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
* C:\WINDOWS\system32\drivers\camcaud.sys (Conexant AMC Audio)
* C:\WINDOWS\system32\drivers\camchal.sys (Conexant AmcHal Driver)
C:\WINDOWS\system32\drivers\dkbfltr.sys (Dritek HotKey Keyboard Filter Driver)
* C:\WINDOWS\system32\drivers\elbycdio.sys (ElbyCDIO Driver)
* C:\WINDOWS\system32\drivers\elbydelay.sys (ElbyDelay)
c:\windows\system32\drivers\epm-psd.sys (Acer EPM Power Scheme Driver)
c:\windows\system32\drivers\epm-shd.sys (Acer EPM System Hardware Driver)
- c:\programmi\file comuni\symantec shared\eengine\eraserutilrebootdrv.sys (EraserUtilRebootDrv)
C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson USB Flash Driver)
C:\WINDOWS\system32\drivers\gmer.sys (Base)
* C:\WINDOWS\system32\drivers\hamachi.sys (Hamachi Network Interface)
* C:\WINDOWS\system32\drivers\hsfhwich.sys (HSFHWICH WDM driver)
* C:\WINDOWS\system32\drivers\hsf_dpv.sys (HSF_DP driver)
- c:\windows\system32\drivers\incdpass.sys (InCDPass)
- c:\windows\system32\drivers\incdrm.sys (InCD Reader)
* C:\WINDOWS\system32\drivers\mdmxsdk.sys (Diagnostic Interface DRIVER)
c:\windows\system32\drivers\osaio.sys (osaio)
c:\windows\system32\drivers\osanbm.sys (osanbm)
c:\windows\system32\drivers\pci32.sys (Derkz864)
* C:\WINDOWS\system32\drivers\ptilink.sys (Driver Direct Parallel Link)
C:\WINDOWS\system32\drivers\s24trans.sys (WLAN Transport)
C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
C:\WINDOWS\system32\drivers\sptd.sys (Boot Bus Extender)
c:\windows\system32\drivers\srosa.sys (Megadrv3)
c:\programmi\tgtsoft\stylexp\stylexphelper.exe (StyleXPHelper)
* C:\WINDOWS\system32\drivers\syntp.sys (Synaptics TouchPad Driver)
C:\WINDOWS\system32\drivers\tap0801co.sys (TAP-Win32 Adapter V8 (coLinux))
c:\programmi\unlocker\unlockerdriver5.sys (unlockerdriver5.sys)
- c:\windows\system32\drivers\vmnetadapter.sys (VMware Virtual Ethernet Adapter Driver)
* C:\WINDOWS\system32\drivers\w29n51.sys (Driver di Intel(R) PRO/Wireless 2200BG Network Connection Driver per Windows XP)
* C:\WINDOWS\system32\drivers\hsf_cnxt.sys (HSF_CNXT driver)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

035 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
-------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
about:Home

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
------------------------------------------------------------
* c:\progra~1\icqtoo~1\toolbaru.dll (IE Toolbar) {855F3B16-6D32-4fe6-8A56-BBB695989046}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\programmi\alcohol toolbar\v3.2.0.0\alcohol_toolbar.dll {ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
* c:\progra~1\icqtoo~1\toolbaru.dll (IE Toolbar) {855F3B16-6D32-4fe6-8A56-BBB695989046}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
* c:\programmi\icq6\icq.exe (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\programmi\alcohol toolbar\v3.2.0.0\alcohol_toolbar.dll {ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
* c:\progra~1\icqtoo~1\toolbaru.dll (IE Toolbar) {855F3B16-6D32-4FE6-8A56-BBB695989046}

048 ESC Trusted zones
---------------------
Zone: microsoft.com : no zone defined
Zone: *.update.microsoft.com : http://*.update.microsoft.com
Zone: *.update.microsoft.com : https://*.update.microsoft.com

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\progra~1\icqtoo~1\toolbaru.dll (IE Toolbar) {055FD26D-3A88-4e15-963D-DC8493744B1D}
* c:\programmi\java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
c:\programmi\alcohol toolbar\v3.2.0.0\alcohol_toolbar.dll {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}

061 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
----------------------------------------------------------------------------
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\programmi\synaptics\syntp\syntpcpl.dll (Synaptics, Inc.) {2F603045-309F-11CF-9774-0020AFD0CFF6}
C:\WINDOWS\system32\epm-po.dll (Acer Labs USA) {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}
c:\programmi\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\programmi\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\windows\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
c:\programmi\file comuni\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
c:\programmi\file comuni\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79307-84BE-11CE-9641-444553540000}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
c:\programmi\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
* c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

062 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
c:\programmi\file comuni\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\programmi\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

066 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
---------------------------------------------------------------------
c:\windows\system32\logonuix.exe (Microsoft Corporation)

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

100 Internet Explorer settings
------------------------------
Start Page HKCU : http://www.google.it/
Start Page HKLM : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Search Page HKCU : http://www.google.com
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
SearchAssistant HKCU : http://www.google.com/ie
SearchAssistant HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
ProxyServer HKCU : 131.175.12.65:8080
SearchUrl HKCU : http://www.google.com/keyword/%s

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\programmi\quicktime\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
* c:\windows\system32\macromed\director\swdir.dll (Adobe Systems, Inc.) {166B1BCA-3F9C-11CF-8075-444553540000}
* c:\programmi\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
c:\programmi\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
* c:\programmi\java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
* c:\programmi\java\jre1.5.0_11\bin\npjpi150_11.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
* c:\programmi\java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
* c:\programmi\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\programmi\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9b.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}

106 HKLM\Software\Microsoft\Windows\CurrentVersion\URL
------------------------------------------------------
Default : http://
ftp : ftp://
gopher : gopher://
home : http://
mosaic : http://
www : http://

120 Domain/DNS hijacking
------------------------
NameServer {2A56CA5D-A513-48C8-89DB-62A90E5269AF} : 192.168.0.1

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\progra~1\dap\privac~1\dapctx~1.dll (Speedbit Ltd.) {BED4C38B-F765-45AC-8C56-613F76BBF43E}
GUID / CLSID not found {6B28C27B-8A75-4DB1-A08A-86C8CCEC3AF3}
c:\programmi\myphoneexplorer\dll\shellmgr.dll (F.J. Wechselberger) {2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E}
c:\programmi\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
c:\programmi\nero\nero 7\nero backitup\nbshell.dll (Nero AG)

180 FileType Hijacking
----------------------
HKEY_CLASSES_ROOT batfile : "%1" %*
HKEY_CLASSES_ROOT cmdfile : "%1" %*
HKEY_CLASSES_ROOT comfile : "%1" %*
HKEY_CLASSES_ROOT exefile : "%1" %*
HKEY_CLASSES_ROOT htafile : C:\WINDOWS\system32\mshta.exe "%1" %*
HKEY_CLASSES_ROOT piffile : "%1" %*
HKEY_CLASSES_ROOT scrfile : "%1" /S
I don't see anything malicious in it, but I'm no expert...
Old 15-08-2007, 09:57   #28
Barbalbero
Registered User
Joined: Aug 2006
Posts: 305
Quote:
Originally posted by yanoama View posts
Some infected files still seem to be present in your log; are you sure you followed the instructions in the megalab article to the letter?

Run a scan with Panda Anti-Rootkit
http://research.pandasoftware.com/bl...-Released.aspx

and with the DrWeb tool I pointed you to earlier.

Bye
OK! Great! After 2 Panda scans it's fine now!

Avast Inside!

THANKS EVERYONE
Old 15-08-2007, 16:16   #29
yanoama
Member
Joined: Aug 2007
Posts: 39
I think it was a new variant of Beagle, which is why the antivirus didn't block it.
Here are up-to-date removal instructions
http://www.megalab.it/forum/viewtopic.php?t=34010
Anyway, good job by Panda for removing it.

Bye
__________________
SAVE THE AMAZON