Saluti a tutti. Quando avvio il PC con Windows XP mi compare una finestra con la scritta: "Si è verificato un errore con l' applicazione ANIWZCS2 Service Launcher", qualcuno sa dirmi di cosa si tratta e come risolvere il problema? Grazie.

brutte notizie

leggi qui http://www.manuali.it/forum/viewtopic.php?p=85320&sid=ba971ca1c9cdd5b9d9eb51782039a5f6

scusami....perche' pensi che possa andare storto?

e' una procedura che devi fare- se vuoi la facciamo passo passo, ma non e' difficile

se hai qualche dubbio ......

Ci sei ancora Shapiro??

Grazie sono in attesa. Non ti sembra che la spiegazione sia poco chiara?

Shapiro ecco il log di Combofix:


ComboFix 09-02-06.01 - Angelo 2009-02-06 17.45.44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.959.467 [GMT 1:00]
Eseguito da: c:\documents and settings\Angelo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090206-0] *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-01-06 al 2009-02-06 )))))))))))))))))))))))))))))))))))
.

2009-02-02 13:24 . 2009-02-02 13:24 <DIR> d-------- c:\documents and settings\Angelo\Dati applicazioni\vlc
2009-01-25 13:23 . 2009-02-06 14:27 <DIR> d-------- c:\documents and settings\Angelo\Tracing
2009-01-25 13:22 . 2009-01-25 13:22 <DIR> d-------- c:\programmi\Microsoft
2009-01-25 13:21 . 2009-01-25 13:21 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-01-25 13:09 . 2009-01-25 13:09 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-01-18 10:10 . 2009-01-16 17:46 65,536 --a------ c:\windows\system32\ludoftp.ocx
2009-01-17 14:12 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-01-17 14:12 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-01-17 14:12 . 2008-12-11 17:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-01-17 14:12 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 10:06 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-06 07:42 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-02-05 14:56 --------- d-----w c:\programmi\eMule
2009-02-04 13:45 --------- d-----w c:\documents and settings\Angelo\Dati applicazioni\dvdcss
2009-01-28 12:42 --------- d-----w c:\programmi\PC Tools Firewall Plus
2009-01-26 21:01 --------- d-----w c:\programmi\Imperivm - Le Grandi Battaglie di Roma
2009-01-25 12:21 --------- d-----w c:\programmi\Windows Live
2009-01-17 13:13 --------- d-----w c:\programmi\File comuni\PC Tools
2009-01-16 12:22 --------- d-----w c:\programmi\CCleaner
2009-01-13 16:27 --------- d-----w c:\programmi\Burraconline
2009-01-05 12:48 --------- d-----w c:\documents and settings\Angelo\Dati applicazioni\CyberInstaller Studio 2008
2009-01-03 18:37 --------- d-----w c:\documents and settings\Angelo\Dati applicazioni\uTorrent
2008-12-30 12:05 --------- d-----w c:\programmi\ImgBurn
2008-12-30 12:05 --------- d-----w c:\documents and settings\Angelo\Dati applicazioni\ImgBurn
2008-12-29 21:45 --------- d-----w c:\programmi\SlySoft
2008-12-28 13:18 --------- d-----w c:\programmi\KaraFun
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 14:12 --------- d-----w c:\documents and settings\Angelo\Dati applicazioni\mIRC
2008-12-07 19:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 19:43 --------- d-----w c:\programmi\Java
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-02-10 185896]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2007-08-03 1552384]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-01-28 2652056]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-03-01 15:22 577536 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-03 111184]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-01-17 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-03 20560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-01-17 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-17 95640]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-01-12 44928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25176586-0081-11dc-8514-4d6564696130}]
\Shell\Auto\command - K:\kdbcfdhpn.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kdbcfdhpn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a26f8068-2977-11db-83a1-00024f300101}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a718ec9e-6f97-11dd-b55e-cb8b4fb89b62}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b64b78b1-cf67-11dc-a764-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64d69d2-03e6-11dc-851d-4d6564696130}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64d69d3-03e6-11dc-851d-4d6564696130}]
\Shell\Auto\command - K:\curpzburq.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL curpzburq.exe
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-sglfb.sys
SafeBoot-tga.sys
MSConfigStartUp-2kadiras - 2kadiras.exe
MSConfigStartUp-9xadiras - 9xadiras.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0E01C3B2-C5EF-4C27-811C-D0E7279E1F14} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Angelo\Dati applicazioni\Mozilla\Firefox\Profiles\kswezxo8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:47:54
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,f5,7e,d0,8d,44,
3b,c7,80,c8,28,51,af,b0,29,a3,98,08,47,60,05,65,f8,8a,ce,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,64,96,01,82,76,
51,4c,e9,71,3b,04,66,8b,46,0d,96,04,33,70,87,02,65,41,a3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,d3,db,62,c7,60,
d1,59,5a,25,da,ec,7e,55,20,c9,26,4a,f4,5c,7b,17,fe,82,c0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f3,6c,47,17,58,
69,08,48,3e,1e,9e,e0,57,5a,93,61,d2,87,b4,85,9d,51,a3,d0,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,9e,44,8b,73,1a,
ea,a7,47,cd,44,cd,b9,a6,33,6c,cd,5a,fe,51,bf,b4,e8,d0,77,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,16,d2,be,bc,c3,
08,00,36,b0,18,ed,a7,3f,8d,37,a4,1e,b2,37,82,e0,48,e4,e3,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,32,85,27,ed,91,
39,69,88,31,77,e1,ba,b1,f8,68,02,f8,fc,99,8d,ec,d3,e6,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,51,11,3d,f5,e6,
da,e7,1f,83,6c,56,8b,a0,85,96,ab,cb,98,7c,b5,6f,91,63,a2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,14,19,12,0a,d8,
de,6a,7b,51,fa,6e,91,28,9e,14,cc,7e,57,a4,e9,e5,7c,e7,40,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b4,3b,66,76,49,
8a,72,7b,b1,cd,45,5a,a8,c4,f8,b9,89,80,3a,cf,80,1d,8d,60,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b7,79,db,f9,7b,
5e,a6,24,e3,0e,66,d5,eb,bc,2f,6b,4f,e9,ba,8e,a1,6b,70,a6,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,9b,30,45,b3,f4,
43,3e,d3,fa,ea,66,7f,d4,3b,6b,70,8a,f4,61,a7,c4,d5,e9,93,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-02-06 17.50.16
ComboFix-quarantined-files.txt 2009-02-06 16:49:48

Pre-Run: 27.330.011.136 byte disponibili
Post-Run: 27,809,878,016 byte disponibili

212 --- E O F --- 2009-01-15 00:07:44

X r16:

onestamente io non sono riuscito a capire cosa bisogna eliminare e non vorrei peggiorare la situazione. puoi spiegarmi i passi da fare e cosa eliminare? Grazie.-

Da qui proprio non riesco a capire??


e poi, per rimuovere le disintallazioni finte (sono due):

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

e rimuovi:

HKEY_LOCAL_MACHINE\Software\ANI

Rimuovi quindile due cartelle che puntano le due disinstallazioni:
C:\Programmi\InstallShield Installation Information\…
(apri le cartelle e cerca i file Setup.INI con dentro ANI o ANIO…)
Di solito:
C:\Programmi\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}
C:\Programmi\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}

Grazie r16 adesso si che la cosa è chiara, ovviamente restano valide le eliminazioni che precedono queste. Ora devo uscire appena posso provo e ti faccio sapere. Buona serata.