#1 (permalink)

User
Junior Member
Join date: Nov 2007
Posts: 15

Hi everyone,
I caught the Bagle worm which, among other things, as you well know, disabled booting into safe mode and made it impossible to start Outlook Express. With the help, through the forum, of a few tools I finally removed it, but these two Windows features are still disabled. Is it necessary to reinstall the OS, or is there some procedure to follow to restore everything? The OS is Win 2000 SP4.

#3 (permalink)

User
Junior Member
Join date: Nov 2007
Posts: 15

Here is the Gmer log
Let me know, bye.

#4 (permalink) |
|
User
Top Forumer
Registration date: Apr 2007
Location: Rimini
Posts: 504
|
Perfect, now run an online scan with Kaspersky and attach the report... then I'll tell you the procedure to follow to remove Bagle...
Bye, and sorry for the late reply! |
|
|
|
|
|
#5 (permalink) |
|
User
Junior Member
Registration date: Nov 2007
Posts: 15
|
Unfortunately I can't run the online scan because (I have already tried once) in the office where the infected PC is I have an analog connection and it takes forever. Since the PC is needed for office work, which among other things involves continuous connections to an internet server, it is impossible for me to do this scan. Is it really necessary, or can you already help me in some way from this log?
Thanks |
|
|
|
|
|
#6 (permalink) |
|
User
Top Forumer
Registration date: Apr 2007
Location: Rimini
Posts: 504
|
1) Disable System Restore, if you have Windows ME/XP
(right-click on My Computer / Properties / System Restore / tick "Turn off System Restore").
2) Download The Avenger and paste this script:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

3) Post the HijackThis and Avenger logs as attachments |
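A pre-flight check for a removal script like the one in the post above, added here as an example and not part of the original thread: it parses the script's three sections and lists file and folder targets that lie outside the system root seen in the machine's own log (the GMER log in this thread shows C:\WINNT). The function names are hypothetical, and only the three section headers shown in the post are recognised.

```python
import re

# Section headers as they appear in the script posted above (compared case-insensitively).
SECTIONS = ("files to delete", "folders to delete", "registry keys to delete")

# Script text as posted in the thread.
SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
"""

# Three entries taken from the GMER autostart log earlier in the thread.
GMER_LINES = r"""cdl@CLSID = C:\WINNT\system32\urlmon.dll
its@CLSID = C:\WINNT\system32\itss.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\msafd.dll"""

def parse_script(text):
    """Split the script into {section header: [targets]}; reject stray lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        key = line.rstrip(":").lower()
        if line.endswith(":") and key in SECTIONS:
            current = sections.setdefault(key, [])
        elif line and current is None:
            raise ValueError("target before any section header: " + line)
        elif line:
            current.append(line)
    return sections

def system_roots(log_text):
    """Drive-letter directories that directly contain system32 in the log."""
    pattern = r"([A-Za-z]:\\[^\\\s=,]+)\\system32\\"
    return {m.group(1).upper() for m in re.finditer(pattern, log_text, re.I)}

def off_root_targets(sections, roots):
    """File and folder targets that are not under any observed system root."""
    paths = sections.get("files to delete", []) + sections.get("folders to delete", [])
    return [p for p in paths if not any(p.upper().startswith(r + "\\") for r in roots)]
```

Run against the embedded samples, `off_root_targets(parse_script(SCRIPT), system_roots(GMER_LINES))` returns every file and folder target, since none of them sits under C:\WINNT.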
|
|
|
|
|
#9 (permalink) |
|
User
Junior Member
Registration date: Nov 2007
Posts: 15
|
I ran Avenger, but when I restart the PC an error message appears that says "Impossibile trovare la cartella C:\Avenger", although the folder does in fact exist.
However, a compressed file is created in C:\Avenger (which turns out to be a registry file). So I'm sending you this compressed file plus the HijackThis log in the version you asked me for. Bye |
|
|
|