|
|||||||
|
|
|
 |
|
|
Strumenti |
22-08-2007, 14:41
|
#1 |
|
Member
Iscritto dal: Jan 2007
Messaggi: 43
|
Virus sconosciuto
Cari ragazzi,
scusate il disturbo in pieno agosto, ma sono in piena scrittura di tesi (da consegnare entro una settimana) e mi sto facendo prendere dal panico. Innanzitutto grazie per il supporto che date a tutti quanti. ci tengo a dire che HO SEGUITO TUTTE LE PROCEDURE descritte nell'articolo e non sono riuscito a risolvere. Sintomi: 1 - Malfunzionamento del servizio ZEro COnfiguration per la rete wireless: da ieri il servizio è disattivato ed è impossibile ripristinarlo, ragion per cui all'improvviso devo usare il programma Intel per gestire la coneessione wireless 2- Disattivazione di antivirus e antispyware con relativa cancellazione degli eseguibili. E' anche impossibile installare o lanciare qualunque nuovo AV o ASW 3- Scansione online sembra possibile solo con Trend Micro che ieri notte miha rilevato 3 virus sconosciuti. Apparentemente sono stati cancellati ma stamattina la situazione non è cambiata 4 - sono quasi certo di aver preso il worm/virus/trojan/malware o quello che è da un file scaricato in p2p. CureIT rileva questo file come "probabile Trojan Backdoor" ma non so cosa fare. TEmo che cancellare il file non serva a molto 5 - Allego il log di hijack, fondamentalmente pare che il ZCfgSvc sia nel posto sbagliato, ma non ci capisco molto altro Grazie ancora, W. Logfile of HijackThis v1.99.1 Scan saved at 13.02.26, on 22/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\vsnp2std.exe C:\Programmi\Lexmark 2400 Series\lxcrmon.exe C:\Programmi\Lexmark 2400 Series\ezprint.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Asus\Asus ChkMail\ChkMail.exe C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PROSet.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe G:\Software2\Sikurezza\Tools\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barra degli strumenti - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmi\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Lexmark Barra degli strumenti - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmi\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Programmi\Lexmark 2400 Series\lxcrmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 2400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{97B87998-FCD1-4DE3-845F-4CEE5BFDDA7F}: NameServer = 83.146.21.6,212.158.248.5 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe |
|
|
|
22-08-2007, 14:51
|
#2 |
|
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3397
|
leggi qui:
http://www.megalab.it/articoli.php?id=948 riporta anche le righe in rosso evidenziate da una scansione di gmer |
|
|
|
|
22-08-2007, 15:26
|
#3 |
|
Member
Iscritto dal: Jan 2007
Messaggi: 43
|
grazie per la risposta immmediata.
Se ho il Bagle ho l'ultima variante, perchè alcune cose, nomi di file cartelle, processi, non corrispondono. Come faccio a esserne sicuro? HO un problema con gmer (a parte non saperlo usare). Ho la versione 1.0.10 e mi funziona tranquillamente, ma non vedo linee rosse. Ho scaricato e provato a lanciare la 1.0.13 ma mi dice "funzione non corretta" come mi devo comportare? Grazie W. |
|
|
|
|
22-08-2007, 16:31
|
#4 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
segui il consiglio di Lancetta.
__________________
Try again and you will be luckier.
|
|
|
|
|
|
22-08-2007, 17:54
|
#5 |
|
Member
Iscritto dal: Jan 2007
Messaggi: 43
|
Niente da fare, non trova nessuna infezione... non so che fare.
Ecco il log di InfoSAT.txt, c'è quel riferimento alla modalità provvisoria che rimanda ai sintomi del Bagle. Wed Aug 22 15:43:31 2007 EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Restaurada Clave: "SafeBoot\Minimal y Network" Wed Aug 22 16:41:30 2007 EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Wed Aug 22 16:41:51 2007 EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ |
|
|
|
|
22-08-2007, 19:49
|
#6 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
fai una scansione con panda antirootkit (http://research.pandasoftware.com/bl...Released.aspx), e anche con bitdefender on line: http://www.bitdefender.com/scan8/ie.html,dopodichè riprova con elibagla.
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
22-08-2007, 23:16
|
#7 | |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
Quote:
Vorrei farla anch'io, se possibile, questa scansione. E poi, se non ti chiedo troppo, non riesco a fare scansioni online. Il messaggio che mi compare, in genere, è che non si riescono ad installare gli ActiveX. Puoi darmi un suggerimento? Grazie |
|
|
|
|
|
22-08-2007, 23:32
|
#8 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
posta un log di gmer
|
|
|
|
|
23-08-2007, 00:18
|
#9 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
Assicurati che la casella Eliminar Ficheros Automaticamente sia spuntata poi posta il log che trovi in: C:\InfoSat.txt Per quanto riguarda le scansioni on line ed activeX si deve usare internet explorer.
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
Ultima modifica di lancetta : 23-08-2007 alle 00:20. |
|
|
|
|
|
23-08-2007, 00:36
|
#10 |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
Mi convie allegarvi i due file txt. Sono molto lunghi e mandano in pappa l'invio.
@ Lancetta: mi hai risposto nello stesso identico modo e non ho ancora capito. Cosa devo scaricare e dove perchè di link non ne vedo! edit: ma non ci riesco, sono troppo grandi! Autoavvio GMER 1.0.13.12551 - http://www.gmer.net Autostart scan 2007-08-23 00:10:44 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitD:\WINDOWS\system32\userinit.exe, = D:\WINDOWS\system32\userinit.exe, @ShellExplorer.exe = Explorer.exe @System = @UIHostlogonui.exe = logonui.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> crypt32chain@DLLName = crypt32.dll cryptnet@DLLName = cryptnet.dll cscdll@DLLName = cscdll.dll klogon@DLLName = D:\WINDOWS\system32\klogon.dll ScCertProp@DLLName = wlnotify.dll Schedule@DLLName = wlnotify.dll sclgntfy@DLLName = sclgntfy.dll SensLogn@DLLName = WlNotify.dll termsrv@DLLName = wlnotify.dll wlballoon@DLLName = wlnotify.dll HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = HKLM\SYSTEM\CurrentControlSet\Services\ >>> AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs AVP /*Active Virus Shield*/@ = "D:\Programmi\AOL\Active Virus Shield\avp.exe" -r CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Diskeeper /*Diskeeper*/@ = "D:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe" Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Netman /*Connessioni di rete*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs OutpostFirewall /*Outpost Firewall Service*/@ = D:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /service PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs UPHClean /*User Profile Hive Cleanup*/@ = D:\Programmi\UPHClean\uphclean.exe winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @Outpost FirewallD:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice = D:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice @aol"D:\Programmi\AOL\Active Virus Shield\avp.exe" = "D:\Programmi\AOL\Active Virus Shield\avp.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\Run@SpybotSD TeaTimer = D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>> @PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @SysTrayD:\WINDOWS\System32\stobject.dll = D:\WINDOWS\System32\stobject.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>> @{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L HKLM\Software\Classes\ >>> .exe@ = "%1" %* .com@ = "%1" %* .cmd@ = "%1" %* .bat@ = "%1" %* .pif@ = "%1" %* .scr@ = "%1" /S .hta@ = D:\WINDOWS\System32\mshta.exe "%1" %* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl @{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll @{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll @{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll @{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll @{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll @{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll @{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll @{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll @{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll @{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll @{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll @{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll @{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll @{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll @{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll @{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/D:\WINDOWS\System32\hticons.dll = D:\WINDOWS\System32\hticons.dll @{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll @{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll @{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll @{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/D:\WINDOWS\system32\cryptext.dll = D:\WINDOWS\system32\cryptext.dll @{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/D:\WINDOWS\system32\cryptext.dll = D:\WINDOWS\system32\cryptext.dll @{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/D:\WINDOWS\system32\NETSHELL.dll = D:\WINDOWS\system32\NETSHELL.dll @{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/D:\WINDOWS\system32\NETSHELL.dll = D:\WINDOWS\system32\NETSHELL.dll @{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/D:\WINDOWS\System32\remotepg.dll = D:\WINDOWS\System32\remotepg.dll @{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/D:\WINDOWS\system32\wuaucpl.cpl = D:\WINDOWS\system32\wuaucpl.cpl @{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/D:\WINDOWS\system32\wshext.dll = D:\WINDOWS\system32\wshext.dll @{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/D:\Programmi\File comuni\System\Ole DB\oledb32.dll = D:\Programmi\File comuni\System\Ole DB\oledb32.dll @{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/D:\WINDOWS\System32\mstask.dll = D:\WINDOWS\System32\mstask.dll @{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/D:\WINDOWS\System32\mstask.dll = D:\WINDOWS\System32\mstask.dll @{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/D:\WINDOWS\System32\mstask.dll = D:\WINDOWS\System32\mstask.dll @{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) = @{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/D:\WINDOWS\System32\sendmail.dll = D:\WINDOWS\System32\sendmail.dll @{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/D:\WINDOWS\System32\sendmail.dll = D:\WINDOWS\System32\sendmail.dll @{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/D:\WINDOWS\System32\shimgvw.dll = D:\WINDOWS\System32\shimgvw.dll @{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/D:\WINDOWS\System32\shimgvw.dll = D:\WINDOWS\System32\shimgvw.dll @{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/D:\WINDOWS\System32\shimgvw.dll = D:\WINDOWS\System32\shimgvw.dll @{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) = @{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll @{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll @{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/D:\WINDOWS\System32\msieftp.dll = D:\WINDOWS\System32\msieftp.dll @{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/D:\WINDOWS\System32\docprop2.dll = D:\WINDOWS\System32\docprop2.dll @{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll @{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll @{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/D:\WINDOWS\msagent\agentpsh.dll = D:\WINDOWS\msagent\agentpsh.dll @{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/D:\WINDOWS\System32\dfsshlex.dll = D:\WINDOWS\System32\dfsshlex.dll @{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll @{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll @{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll @{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/D:\Programmi\Outlook Express\wabfind.dll = D:\Programmi\Outlook Express\wabfind.dll @{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll @{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll @{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll @{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/D:\WINDOWS\System32\twext.dll = D:\WINDOWS\System32\twext.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/D:\WINDOWS\System32\extmgr.dll = D:\WINDOWS\System32\extmgr.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll @{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Unbind*/D:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL = D:\PROGRA~1\MICROS~2\Office\1040\UNBIND.DLL @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programmi\Real\RealPlayer\rpshell.dll = D:\Programmi\Real\RealPlayer\rpshell.dll @{8BE13461-936F-11D1-A87D-444553540000} /*Eraser Shell Extension*/D:\WINDOWS\system32\erasext.dll = D:\WINDOWS\system32\erasext.dll @{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/D:\WINDOWS\system32\mscoree.dll = D:\WINDOWS\system32\mscoree.dll @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/D:\WINDOWS\system32\dfshim.dll = D:\WINDOWS\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/D:\WINDOWS\system32\dfshim.dll = D:\WINDOWS\system32\dfshim.dll @{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL @{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL @{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*Nokia Phone Browser*/D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = D:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/D:\Programmi\File comuni\Microsoft Shared\Web Folders\msonsext.dll = D:\Programmi\File comuni\Microsoft Shared\Web Folders\msonsext.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = D:\Programmi\File comuni\Microsoft Shared\Web Folders\msonsext.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> Erasext@{8BE13461-936F-11D1-A87D-444553540000} = D:\WINDOWS\system32\erasext.dll Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\AOL\Active Virus Shield\shellex.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> Erasext@{8BE13461-936F-11D1-A87D-444553540000} = D:\WINDOWS\system32\erasext.dll Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\AOL\Active Virus Shield\shellex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{53707962-6F74-2D53-2644-206D7942484F}D:\PROGRA~1\SPYBOT~1\SDHelper.dll = D:\PROGRA~1\SPYBOT~1\SDHelper.dll @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.6.0_01\bin\ssv.dll = D:\Programmi\Java\jre1.6.0_01\bin\ssv.dll HKCU\Control Panel\[email protected] = D:\WINDOWS\System32\ssstars.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local PageD:\WINDOWS\SYSTEM32\blank.htm = D:\WINDOWS\SYSTEM32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/ HKLM\Software\Classes\PROTOCOLS\Filter\ >>> application/octet-stream@CLSID = mscoree.dll application/x-complus@CLSID = mscoree.dll application/x-msdownload@CLSID = mscoree.dll Class Install Handler@CLSID = D:\WINDOWS\system32\urlmon.dll deflate@CLSID = D:\WINDOWS\system32\urlmon.dll gzip@CLSID = D:\WINDOWS\system32\urlmon.dll lzdhtml@CLSID = D:\WINDOWS\system32\urlmon.dll text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll HKLM\Software\Classes\PROTOCOLS\Handler\ >>> about@CLSID = %SystemRoot%\System32\mshtml.dll cdl@CLSID = D:\WINDOWS\system32\urlmon.dll dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll file@CLSID = D:\WINDOWS\system32\urlmon.dll ftp@CLSID = D:\WINDOWS\system32\urlmon.dll gopher@CLSID = D:\WINDOWS\system32\urlmon.dll http@CLSID = D:\WINDOWS\system32\urlmon.dll https@CLSID = D:\WINDOWS\system32\urlmon.dll its@CLSID = D:\WINDOWS\System32\itss.dll javascript@CLSID = %SystemRoot%\System32\mshtml.dll lid@CLSID = D:\WINDOWS\System32\msvidctl.dll local@CLSID = D:\WINDOWS\system32\urlmon.dll mailto@CLSID = %SystemRoot%\System32\mshtml.dll mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll mk@CLSID = D:\WINDOWS\system32\urlmon.dll ms-its@CLSID = D:\WINDOWS\System32\itss.dll res@CLSID = %SystemRoot%\System32\mshtml.dll sysimage@CLSID = %SystemRoot%\System32\mshtml.dll tv@CLSID = D:\WINDOWS\system32\msvidctl.dll vbscript@CLSID = %SystemRoot%\System32\mshtml.dll wia@CLSID = D:\WINDOWS\System32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{599C5DC1-18E4-48D7-B8B7-876E3A0DB6E4} /*Connessione alla rete locale (LAN)*/ >>> @IPAddress192.168.0.3 = 192.168.0.3 @NameServer193.12.150.2,212.247.152.2 = 193.12.150.2,212.247.152.2 @DefaultGateway192.168.0.1 = 192.168.0.1 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>> 000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll 000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll ---- EOF - GMER 1.0.13 ---- Ultima modifica di demi@n : 23-08-2007 alle 00:54. |
|
|
|
|
23-08-2007, 01:17
|
#11 |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
prova
|
|
|
|
|
23-08-2007, 01:18
|
#12 |
|
Member
Iscritto dal: Jan 2007
Messaggi: 43
|
ho risolto
ho fatto una scansione con gmer e aiutandomi un po' con l'articolo di Megalab e Avenger ho fixato tutto, credo, spero...! il porblema è che a quanto ho capito ci sono un sacco di varianti in giro. Ad ogni modo sono riuscito a installare gli antivirus, eliminare i file infetti ecc. ecc... adesso posso lavorare tranquillo. Solo una cosa: il virus ha apparentemente danneggiato il Zero Configuration Service, c'è un modo per ripristinarlo? Grazie ancora a tutti per l'interessamento, W. |
|
|
|
|
23-08-2007, 01:25
|
#13 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
http://www.zonavirus.com/datos/archi...O/EliBaglA.exe Edit: appena provato...sembra che il link non funzioni...faccio una prova Edit 2:riprova adesso
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
Ultima modifica di lancetta : 23-08-2007 alle 01:37. |
|
|
|
|
|
23-08-2007, 15:03
|
#14 |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
Grazie, l'ho scaricato!
Per quanto riguarda il log di gmer l'ho per forza dovuto uploadare su freefilehosting e zippato, altrimenti eccedeva di 3 mb. Questo è l'indirizzo: http://freefilehosting.net/download/MTQ3MjE= ---------------------------------------------------------------------------------------- e questo è il log di quel programma sul link di Lancetta: Thu Aug 23 15:13:54 2007 EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Thu Aug 23 15:14:08 2007 EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad D:\ Ultima modifica di demi@n : 23-08-2007 alle 15:20. |
|
|
|
|
23-08-2007, 15:58
|
#15 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
|
23-08-2007, 18:40
|
#16 |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
Se vai a dare un'occhiata a questo thread http://www.hwupgrade.it/forum/showthread.php?t=1311197
e anche al mio post http://www.hwupgrade.it/forum/showpo...3&postcount=12 quello è il mio problema. Riguardo ai log di gmer che mi dici? Come mai è così lungo? Sophos Anti-Rootkit mi ha trovato 8 chiavi di registro nascoste non rimovibili (rootkit?). Il log di Hijack è pulito, quello lo so analizzare, tutto assolutamente lecito. |
|
|
|
|
24-08-2007, 18:25
|
#17 |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 895
|
Scusa Lancetta, ma ho postato il log di gmer (e con non poca fatica per quanto è ENORME), ho scritto che Sophos mi ha trovato 8 rootkit...
Potresti darmi (tu o chiunque abbia più competenza di me), qualche maggior dettaglio? Tanto per capire... o provarci almeno! Io ho trovato la configurazione dei servizi diversa da come l'avevo impostata (e da come la imposto abitualmente), quindi li ho settati come di solito, col risultato di un SO ancora più instabile. A quel punto ne ho disabilitato uno per volta e riavviando, fino a capire qual è che proprio non vuole saperne di essere messo da parte. Indovinate un po'? Il firewall di windows!!  Ho dovuto lasciarlo per forza attivo, almeno riesco a entrare nel sistema. Però in modalità provvisoria s'incricca. Finalmente ho potuto fare anche una scansione online di bitdefender: pare che sia tutto ok... ma a me non sembra affatto ok un bel nulla!! Il log di gmer non è mai stato così lungo, e per giunta non ci capisco una sega, potreste darmi una mano per favore? |
|
|
|
|
24-08-2007, 21:14
|
#18 |
|
Junior Member
Iscritto dal: Jul 2007
Messaggi: 15
|
AIUTO!!!
AIUTO!!! Ragazzi ho bisogno del vostro aiuto.....devo avere qualche problema qualche SPYWARE e ho il computer che non va piu tanto bene....
Ho provato a fare una scansione con avg ma non ha trovato niente allora ho provato con HIJACKTHIS e volevo chiedervi se mi potete dare una mano per eliminare i file infeti.... Questo è la lista....: Logfile of HijackThis v1.99.1 Scan saved at 21.13.57, on 24/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\WINDOWS\Explorer.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\svchost.exe C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Muma10\Desktop\Nuova cartella (10)\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKLM\..\Run: [NI.UWA7PT_0001_N96M1007] "C:\WINDOWS\Downloaded Program Files\UWA7PT_0001_N96M1007NetInstaller.exe" -nag O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKCU\..\Run: [Klass] C:\WINDOWS\svchost.exe O4 - Startup: system.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: hadjajr.ini O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe |
|
|
|
|
25-08-2007, 12:34
|
#20 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
disattiva il ripristino config di sistema se non sai come fare vedi QUI link Pulizia temporanei e index:scarica ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 Avvia ATF Cleaner (se usi Firefox o Opera, selezionali dal menu in alto) metti la spunta su "Select All" per ogni browser e clicca su "Empty Selected" scarica Superantispyware aggiornalo e fagli fare una "Perform complete scan" da "scan your computer" scarica a-squared Free 3.0 aggiornalo e fagli fare una scansione completa del sistema,i 2 soft sono free ed ottimi anche per il futuro. scarica Panda Antirootkit decomprimi il file Zip, sul desktop eseguilo(da amministratore del pc) stando connesso, dovrebbe aggiornarsi automaticamente, dopodichè partirà una scansione per verificare la presenza,di eventuali rootkit, sul P.C. ed eseguire eventuali pulizie. log di hijackthis con più applicazioni possibili chiuse(emule,bit torrent,word,wmplayer ecc..)scaricalo da QUI LINK è stand alone (senza installazione)mettilo in una sua cartella dedicata, lo avvii dalla schermata clik su "do a system scan and save a logfile" ti si aprirà una schermata txt con dei dati, copi ed incolli nel prossimo post....fai anche una scansione degli ads Così:apri hijackthis clicca "open the misc tools section",click su "open ads spy",leva la spunta a "quick scan",click sul tasto "scan" e riporta qui cosa ha rilevato,se c'è qualcosa.E vediamo un pò che succede. Saluti 
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 12:49.
