17-08-2006, 22:04   #21
SuomiFinland
Junior Member

Joined: Aug 2006
Posts: 18
Same problem.

Hi everyone,
I'll take the liberty of butting into the discussion and posting the results I got with Gmer and Avenger after I tried (hopefully successfully) to solve the problem thanks to you.

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-17 21:38:28
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WgaLogon@DLLName = WgaLogon.dll
WRNotifier@DLLName = WRLogonNTF.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SecRdl /*SecRdl*/@ = "C:\Programmi\File comuni\System\MGP.exe" /*file not found*/
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LaunchAppAlaunch = Alaunch
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@AtiPTAatiptaxx.exe = atiptaxx.exe
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@gcasServ"C:\Programmi\Microsoft AntiSpyware\gcasServ.exe" = "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Classes\.scr@ = "%1" /S "%3"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{9EF34FF2-3396-4527-9D27-04C8C1C67806}C:\Programmi\Microsoft AntiSpyware\shellextension.dll = C:\Programmi\Microsoft AntiSpyware\shellextension.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{F802F260-519B-11D1-BB5D-0060974C6013} /*ICQ Shell Extension*/(null) =
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{DDD2F80B-A7C2-FDFD-7FA6-A7BAB32A37BD}C:\WINDOWS\sguii1.dll /*file not found*/ = C:\WINDOWS\sguii1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-17 21:54:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{739FC890-0853-4B16-A843-669811512D8B}

---- EOF - GMER 1.0.10 ----

Afterwards I also ran HijackThis, but the following entries kept showing up:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DDD2F80B-A7C2-FDFD-7FA6-A7BAB32A37BD} - C:\WINDOWS\sguii1.dll (file missing)
They were there before too.
I then removed them by fixing them with HijackThis, with the PC in safe mode, and for now they're gone, but can I rest easy, or should I worry that they'll come back?
Thanks!

Last edited by SuomiFinland: 17-08-2006 at 22:19.
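A defender-side triage helper, added here as an example and not something either poster ran: it parses the HijackThis and GMER Autostart formats quoted in this thread and lists the autostart entries that point at files no longer on disk (the orphaned BHO and service entries, the missing LSP provider, and a BootExecute value that differs from the stock one). The sample lines are constructed from entries in the thread; the `Finding` class and the `parse_hijackthis`, `parse_gmer_autostart` and `triage` names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the HijackThis and GMER "Autostart" formats,
# modelled on entries quoted in this thread (not a complete log from either poster).
SAMPLE_HJT = r"""R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DDD2F80B-A7C2-FDFD-7FA6-A7BAB32A37BD} - C:\WINDOWS\sguii1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O23 - Service: RPC32 Locator (RPC32) - Unknown owner - c:\windows\RPC.bat (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
"""

SAMPLE_GMER = r"""HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * stera /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
RPC32 /*RPC32 Locator*/@ = c:\windows\RPC.bat /*file not found*/
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SecRdl /*SecRdl*/@ = "C:\Programmi\File comuni\System\MGP.exe" /*file not found*/
"""

# Stock BootExecute value on Windows XP: only the boot-time disk check runs there.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
GMER_COMMENT = re.compile(r"\s*/\*.*?\*/")


@dataclass(frozen=True)
class Finding:
    tool: str       # "hijackthis" or "gmer"
    location: str   # HijackThis section code, or the registry key the entry lives under
    target: str     # file the entry points at ("" when the line names none)
    reason: str


def parse_hijackthis(text: str) -> list[Finding]:
    """Flag HijackThis lines whose target is gone or whose expected default is absent."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^([A-Z]\d+)\s+-\s+(.*)$", line.strip())
        if not m:
            continue
        code, body = m.groups()
        if body.endswith("(file missing)"):
            # The path is the last " - " separated field, minus the marker.
            target = body[: -len("(file missing)")].rsplit(" - ", 1)[-1].strip()
            findings.append(Finding("hijackthis", code, target, "target file missing"))
        elif code == "O10" and body.endswith("missing"):
            quoted = re.search(r"'([^']+)'", body)
            target = quoted.group(1) if quoted else ""
            findings.append(Finding("hijackthis", code, target, "LSP provider DLL missing"))
        elif body.endswith("is missing"):
            findings.append(Finding("hijackthis", code, "", "expected default entry absent"))
    return findings


def parse_gmer_autostart(text: str) -> list[Finding]:
    """Flag GMER Autostart entries marked 'file not found' and a non-stock BootExecute."""
    findings = []
    current_key = ""  # set by a "<key> >>>" header, cleared by the blank line ending the section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""
            continue
        if line.endswith(">>>"):
            current_key = line[:-3].strip()
            continue
        if " = " not in line:
            continue
        full_name, value = line.split(" = ", 1)
        key_part, _, value_name = full_name.rpartition("@")
        entry = GMER_COMMENT.sub("", key_part).strip()
        location = current_key + entry if current_key else f"{entry}@{value_name}"
        clean_value = GMER_COMMENT.sub("", value).strip().strip('"')
        if "/*file not found*/" in value:
            findings.append(Finding("gmer", location, clean_value, "target file missing"))
        if value_name == "BootExecute" and clean_value != DEFAULT_BOOTEXECUTE:
            findings.append(Finding("gmer", location, clean_value,
                                    "BootExecute differs from the stock 'autocheck autochk *'"))
    return findings


def triage(hjt_text: str, gmer_text: str) -> list[Finding]:
    """Orphaned autostart entries from both tools: cleanup candidates, not proof of infection."""
    return parse_hijackthis(hjt_text) + parse_gmer_autostart(gmer_text)


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_GMER):
        print(f"[{f.tool}] {f.location}: {f.reason} -> {f.target or '(no path)'}")
```

Re-running both scans after a reboot and diffing the findings is the practical answer to "will they come back": an orphaned entry that reappears means something still on the system is recreating it.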
18-08-2006, 02:26   #22
JohnPetrucci2006
Junior Member

Joined: Aug 2006
Posts: 5
New HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 2.24.49, on 18/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis-1\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: Scaricare usando &BitSpirit - C:\Programmi\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1155752037345
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155752023055
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.wintipsitalia.net/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6628A9-E7EC-4372-A1C3-5C774E75018E}: NameServer = 212.216.112.112 212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: RPC32 Locator (RPC32) - Unknown owner - c:\windows\RPC.bat (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

And the Gmer (AUTOSTART) one:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-18 01:32:34
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * stera /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Diskeeper /*Diskeeper*/@ = C:\Programmi\Executive Software\Diskeeper\DkService.exe
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MacFormatService@ = "C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RPC32 /*RPC32 Locator*/@ = c:\windows\RPC.bat /*file not found*/
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
uploadmgr /*Upload Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTStartupC:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 ? ? ?&2 ??? \?? \?? ??? ?H?s? ? 3Confusedw? ? ?T?w?U?w\?? \?? ??? h"` ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 d??s?&2 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/ = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run \?? p?? w^?s??? ?>?wH ?w???????w*??w4 U??w4 D8?s4 ? ? ?&2 ??? \?? \?? ??? ?H?s? ? 3Confusedw? ? ?T?w?U?w\?? \?? ??? h"` ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 d??s?&2 ?C@ x?? ???sx?? ?;?w\?? ??@ /*file not found*/
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@NeroFilterCheckC:\WINDOWS\System32\NeroCheck.exe = C:\WINDOWS\System32\NeroCheck.exe
@MacLicense"C:\Program Files\Conversions Plus\MacLic.exe" = "C:\Program Files\Conversions Plus\MacLic.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MessengerPlus3"C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\System32\wuaucpl.cpl = C:\WINDOWS\System32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/(null) =
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v7*/(null) =
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll = C:\Programmi\Real\RealOne Player\rpplugins\ierpplug.dll
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL = C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/F:\Programmi\SmartFTP\smarthook.dll = F:\Programmi\SmartFTP\smarthook.dll
@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} /*Tauscan Menu*/C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{A0752130-6D75-D111-B5B1-0800095A2318} /*HandyBits File Shredder Virtual Folder*/C:\WINDOWS\System32\tsseShrd.dll = C:\WINDOWS\System32\tsseShrd.dll
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Telefoni personali*/C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll = C:\Programmi\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\System32\AcSignIcon.dll = C:\WINDOWS\System32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{68B60101-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Format Menu*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{68B60201-A3FD-11CE-B193-00400143068B} /*MacOpener ShellExtension Common Property Sheet*/C:\Program Files\Conversions Plus\MACOPEN.DLL = C:\Program Files\Conversions Plus\MACOPEN.DLL
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{92085AD4-F48A-450D-BD93-B28CC7DF67CE} /*eBay Toolbar*/C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/ = C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll /*file not found*/
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{8EE3B2A9-8076-4DC1-8BB3-B8A607950903} /*SxExtractImage*/D:\ACCA\EdiLus-CA\EdiLus_PV.DLL = D:\ACCA\EdiLus-CA\EdiLus_PV.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
SharedMenuHandler@{916F1ADF-2F02-46C2-B7D2-310468390750} = ssmenu.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShredderMenu@{A0752130-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseShrd.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
DataVizMenu@{1f0c0580-d3fa-11cf-92b8-0020afd3f438} = C:\Program Files\Conversions Plus\dvzext.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\File comuni\KAV Shared Files\AvpShlEx.dll /*file not found*/
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
Tauscan Menu@{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} = C:\Programmi\Agnitum\Tauscan 1.6\Taumenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{A5366673-E8CA-11D3-9CD9-0090271D075B}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.msn.com/ = http://www.msn.com/
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\System32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\System32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\System32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFD642FB-227C-4537-9E95-44C82C1DD5AC} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.100.10 = 192.168.100.10
@DefaultGateway192.168.100.10 = 192.168.100.10
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018@PackedCatalogItem = C:\Programmi\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll /*file not found*/

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Digisoft AntiDialer.lnk = Digisoft AntiDialer.lnk
MacName.lnk = MacName.lnk

---- EOF - GMER 1.0.10 ----
Listen, I have this problem... when I open Firefox... it always downloads this file for me:
http://www.dse.uniba.it/Corsi/docent.../6175-8_20.ppt

What should I do???... Thanksssss!!
JohnPetrucci2006 is offline
Old 18-08-2006, 11:48   #23
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originally posted by JohnPetrucci2006

---- EOF - GMER 1.0.10 ----
Listen, I have this problem... when I open Firefox... it always downloads this file:
http://www.dse.uniba.it/Corsi/docent.../6175-8_20.ppt

What do I have to do???... Thanks!!
This one:

O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing

you can fix with the LSPFix program from www.cexx.org

Apart from that I don't see other problems; as for Firefox, it could simply be a home page set to that file.. Have you checked the home page in Firefox's options?
As for the connection dropping, what kind of connection is it? And do you get any message?
__________________
Without Contraries is no Progression...
Old 18-08-2006, 11:54   #24
bReAkDoWn
Senior Member

Joined: Jun 2003
City: ..By The Sea..
Posts: 564
Quote:
Originally posted by SuomiFinland
Hi everyone,
I'll allow myself to butt into the discussion and post the results obtained with Gmer and Avenger after I tried (hopefully with luck) to solve the problem thanks to you.

Afterwards I also ran HijackThis, but the following entries kept remaining:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DDD2F80B-A7C2-FDFD-7FA6-A7BAB32A37BD} - C:\WINDOWS\sguii1.dll (file missing)
which were there before too.
I then removed them by fixing them with HijackThis, with the PC in safe mode, and for now they're gone, but can I rest easy or should I fear they'll come back?
Thanks!
You can re-check periodically for a couple of days, when you restart the PC for example, and then if they don't reappear you can rest easy. In the sense that this "infection" is eradicated. Then, to avoid catching others, keep the system updated and follow the usual precautions.
__________________
Without Contraries is no Progression...
Old 18-08-2006, 12:57   #25
JohnPetrucci2006
Junior Member

Joined: Aug 2006
Posts: 5
Quote:
Originally posted by bReAkDoWn
This one:

O10 - Broken Internet access because of LSP provider 'c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing

you can fix with the LSPFix program from www.cexx.org

Apart from that I don't see other problems; as for Firefox, it could simply be a home page set to that file.. Have you checked the home page in Firefox's options?
As for the connection dropping, what kind of connection is it? And do you get any message?
Can I remove the O10 with HijackThis... or how do I do it.. with which program from that site? Thanks in advance... anyway mine is an Alice 4 Mega, and it's since I got LINKOPTIMIZER that my line drops...
Old 18-08-2006, 13:31   #26
bReAkDoWn
Senior Member

Joined: Jun 2003
City: ..By The Sea..
Posts: 564
Quote:
Originally posted by JohnPetrucci2006
Can I remove the O10 with HijackThis... or how do I do it.. with which program from that site? Thanks in advance... anyway mine is an Alice 4 Mega, and it's since I got LINKOPTIMIZER that my line drops...
http://www.cexx.org/lspfix.htm choose and remove the file reported by HijackThis.. as for the rest, I mean which modem you have, whether it's USB, Ethernet, a router, etc.
__________________
Without Contraries is no Progression...
Old 22-08-2006, 13:14   #27
ValterManetta
Senior Member

Joined: Sep 2004
City: Vittorio Veneto TV
Posts: 444
IT MUST HAVE INFECTED ME

I think I've caught this damned LinkOptimizer.
Ewido, Spybot, F-PROT, HijackThis find nothing!!!
But in C:\Documents and Settings I have two new accounts with unreadable names: oNOXk and gdGpeAoz.
The guide seems very complicated to me, should I reformat????
Or are there contraindications in this case too!!!
Thanks, bye
__________________
valter
-------------------
Old 22-08-2006, 13:49   #28
bReAkDoWn
Senior Member

Joined: Jun 2003
City: ..By The Sea..
Posts: 564
Quote:
Originally posted by ValterManetta
I think I've caught this damned LinkOptimizer.
Ewido, Spybot, F-PROT, HijackThis find nothing!!!
But in C:\Documents and Settings I have two new accounts with unreadable names: oNOXk and gdGpeAoz.
The guide seems very complicated to me, should I reformat????
Or are there contraindications in this case too!!!
Thanks, bye
The contraindications are that you have to reinstall the programs, losing the configurations etc., and that if you have a single partition you also have to back up your data.
With a GMER scan, posting the logs, and an Avenger script you can already sort everything out, although sometimes some hiccup can come up that lengthens the procedure.
__________________
Without Contraries is no Progression...
Old 22-08-2006, 14:09   #29
ValterManetta
Senior Member

Joined: Sep 2004
City: Vittorio Veneto TV
Posts: 444
Quote:
Originally posted by bReAkDoWn
The contraindications are that you have to reinstall the programs, losing the configurations etc., and that if you have a single partition you also have to back up your data.
With a GMER scan, posting the logs, and an Avenger script you can already sort everything out, although sometimes some hiccup can come up that lengthens the procedure.
--------------------------------------------------------------------
where I have this problem, the HD has two partitions, one with the OS and not many programs, the other where I moved documents, drivers, images etc.
this PC acts as a server and two other PCs are connected over the LAN.
so, could the other two get infected too??
when formatting, is it enough to do only C:? couldn't the virus have put down roots in D:backup too??? (newbie question)
anyway, for the moment I'm avoiding connecting to sites (like the bank) where I have to enter a nickname and password, and I'll try to follow your instructions.
thanks, bye
__________________
valter
-------------------
Old 22-08-2006, 14:42   #30
Hidro
Senior Member

Joined: Feb 2003
City: Ancona
Posts: 313
Guys, I'll allow myself to butt into the discussion rather than open a new thread, since the problem seems to be the same...

Basically there are suspicious files with very strange names in C:\Programmi\File comuni\System that cannot be deleted (access denied) and that recreate themselves at every restart...

Meanwhile there's a strange service in Administrative Tools called Netpdp, whose executable always corresponds to one of those in the System folder in Common Files...

Obviously I ran scans with Nod32, Kaspersky, Bitdefender, Ewido, Ad-Aware, which find nothing.

Nothing strange in the HijackThis log either.


Now I've moved on to a GMER scan and I'm posting the logs:



GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-22 14:02:54
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\WINDOWS\system32:ntmsmun.msc

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NetPdp /*NetPdp*/@ = "C:\Programmi\File comuni\System\Jyn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@IntelliPoint"C:\Programmi\Microsoft IntelliPoint\point32.exe" = "C:\Programmi\Microsoft IntelliPoint\point32.exe"
@nwiznwiz.exe /install = nwiz.exe /install
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplact.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplbtn.dll"
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.10 ----





GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-22 14:05:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867DB0E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86793A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86793A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86793A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86793A40
Device \Driver\00000043 \Device\00000045 IRP_MJ_SYSTEM_CONTROL [F7414A26] sptd.sys
Device \Driver\00000043 \Device\00000045 IRP_MJ_DEVICE_CHANGE [F7428BD8] sptd.sys
Device \Driver\00000043 \Device\00000045 IRP_MJ_PNP_POWER [F742154E] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{93F170FC-74C1-45E0-841B-AEBA36FF1ED8} IRP_MJ_CREATE 8530E810
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86793C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 86793C78
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8665E0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 852FAEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 852FAEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8665E0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8530E810
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8530E810
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 867934D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 852F9B20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 85332460
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86793C78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 85332EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 866126D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 866126D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8532D610
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85246EB0

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\kvdfi1.dll
File C:\WINDOWS\kvdfi1.upd
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----




Thanks a lot in advance for the help
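The O10 LSP entry bReAkDoWn points at, and the NetPdp service and AppInit_DLLs lines in Hidro's Autostart log, are the kind of thing a reader has to pick out of a GMER dump by eye. Here is an added example (not GMER's code and not anything posted by the thread's participants) that parses GMER's Autostart key/value layout and flags those entry types over a sample log constructed from lines quoted above; the severity labels and the "image outside the Windows directory" rule are my own assumptions.

```python
"""Triage a GMER "Autostart" log for the entry types discussed in this thread.

Added example; the checks it runs are:
  - a Winsock LSP catalog entry whose DLL is marked /*file not found*/
    (the HijackThis O10 condition that LSP-Fix repairs),
  - a non-empty AppInit_DLLs value, rated higher when it names an NTFS
    alternate data stream (dir:name),
  - a Winlogon Userinit chain with anything appended after userinit.exe,
  - a service whose image lives outside the Windows directory (assumed rule).
"""
import re

# Constructed sample log: lines quoted in the thread, trimmed to the relevant ones.
SAMPLE_LOG = r"""GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-22 14:02:54
Windows 5.1.2600 Service Pack 2

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\WINDOWS\system32:ntmsmun.msc

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
NetPdp /*NetPdp*/@ = "C:\Programmi\File comuni\System\Jyn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018@PackedCatalogItem = C:\Programmi\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll /*file not found*/

---- EOF - GMER 1.0.10 ----
"""

FILE_NOT_FOUND = "/*file not found*/"
# C:\dir\file:stream -- a second colon, after the drive letter, inside the last path component
ADS_RE = re.compile(r"^[A-Za-z]:\\.*[^\\]:[^\\]+$")
# GMER names a service as "Services\<name> /*<description>*/@ = <image>"
SERVICE_KEY_RE = re.compile(r"\\services\\[^\\]+@$")
WINDOWS_DIRS = ("%systemroot%", "c:\\windows")


def parse_autostart(text):
    """Return (registry_path, value) pairs.

    A line ending in '>>>' opens a section whose following lines, up to the
    next blank line, are 'name = value' entries relative to that key; a line
    with ' =' outside any section is a fully qualified entry.
    """
    entries, prefix = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            prefix = ""
            continue
        if line.endswith(">>>"):
            prefix = line[:-3].strip()
            continue
        if " =" not in line:
            continue  # banner, EOF marker and similar lines
        name, _, value = line.partition(" =")
        entries.append((prefix + name.strip(), value.strip()))
    return entries


def image_path(value):
    """Strip GMER's trailing comment and surrounding quotes from a value."""
    path = value.replace(FILE_NOT_FOUND, "").strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]
    return path


def triage(entries):
    """Return (severity, reason, registry_path, value) tuples worth a human look."""
    findings = []
    for key, value in entries:
        lkey, path = key.lower(), image_path(value)
        if FILE_NOT_FOUND in value:
            reason = ("Winsock LSP entry points to a missing DLL (HijackThis O10); repair the catalog"
                      if "protocol_catalog9" in lkey else "referenced file is missing")
            findings.append(("medium", reason, key, value))
        if lkey.endswith("@appinit_dlls") and path:
            if ADS_RE.match(path):
                findings.append(("high", "AppInit_DLLs loads from an NTFS alternate data stream", key, value))
            else:
                findings.append(("medium", "AppInit_DLLs is set; processes loading user32 will run it", key, value))
        if lkey.endswith("winlogon@userinit"):
            parts = [p for p in path.split(",") if p.strip()]
            if len(parts) != 1 or not parts[0].lower().endswith("\\system32\\userinit.exe"):
                findings.append(("high", "Userinit chain altered", key, value))
        if SERVICE_KEY_RE.search(lkey) and path and not path.lower().startswith(WINDOWS_DIRS):
            findings.append(("high", "service image outside the Windows directory", key, value))
    return findings


if __name__ == "__main__":
    for severity, reason, key, value in triage(parse_autostart(SAMPLE_LOG)):
        print(f"[{severity}] {reason}\n    {key}\n    {value}")
```

On the sample log it reports exactly the three entries the thread is about (the missing AppToPort.dll LSP, the AppInit_DLLs stream, the NetPdp image) and stays quiet on Userinit and NVSvc.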
Old 22-08-2006, 15:11   #31
bReAkDoWn
Senior Member

Joined: Jun 2003
City: ..By The Sea..
Posts: 564
Quote:
Originally posted by Hidro
Guys, I'll allow myself to butt into the discussion rather than open a new thread, since the problem seems to be the same...

Basically there are suspicious files with very strange names in C:\Programmi\File comuni\System that cannot be deleted (access denied) and that recreate themselves at every restart...

Meanwhile there's a strange service in Administrative Tools called Netpdp, whose executable always corresponds to one of those in the System folder in Common Files...

Obviously I ran scans with Nod32, Kaspersky, Bitdefender, Ewido, Ad-Aware, which find nothing.

Nothing strange in the HijackThis log either.


Now I've moved on to a GMER scan and I'm posting the logs:
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 852F9B20
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 852F9B20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 85332460
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 85332460
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86793C78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 85332EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 866126D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 866126D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8532D610
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85246EB0

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\kvdfi1.dll
File C:\WINDOWS\kvdfi1.upd
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----




Thanks a lot in advance for the help
OK, following the instructions in one of the earlier messages in this thread, run the following script with The Avenger:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\kvdfi1.dll
C:\WINDOWS\kvdfi1.upd
C:\Programmi\File comuni\System\Jyn.exe

After these steps the malware should be inactive. An ADS remains in C:\WINDOWS\system32:ntmsmun.msc, but at that point it will be harmless. To remove it, get Merijn's ADSSpy program, scan c:\windows and, if it detects it, delete it.

PS: before doing these operations, before The Avenger, would you do me a favour? Could you post a HijackThis log while the PC is still infected? I'd like to see how it detects some of this information.

Cheers!
__________________
Without Contraries is no Progression...
22-08-2006, 15:19 #32
Hidro
Senior Member
Joined: Feb 2003
Location: Ancona
Posts: 313
Logfile of HijackThis v1.99.1
Scan saved at 15.18.09, on 22/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Iron\Documenti\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B2CF9C3-4A02-43BE-B565-5A0C197C71A5}: NameServer = 85.37.17.57 85.38.28.80
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Here's the HijackThis log
22-08-2006, 15:26 #33
Hidro
Senior Member
Joined: Feb 2003
Location: Ancona
Posts: 313
I ran the procedure with The Avenger, but the problem doesn't seem to be solved... in C:\Programmi\File comuni\System the files keep being created at every reboot. Basically, at every reboot a hidden one is created, which becomes visible at the following reboot, and so on. As if it were a chain: the hidden one becomes visible and meanwhile, at the next reboot, another hidden one is created...
22-08-2006, 16:28 #34
ValterManetta
Senior Member
Joined: Sep 2004
Location: Vittorio Veneto TV
Posts: 444
As I was told, I'm posting the GMER logs, hoping I did everything right (I'm a bit old). I should say, though, that this morning I had deleted the Java folders, and I renamed C:\Programmi\File comuni\Microsoft Shared\GIN.exe to GIN.old because I couldn't delete it; still, I didn't manage to delete it anyway: access denied.
2) The rootkit scan, which took about three quarters of an hour, I ran right after the first one, "autostart"; it produced a small log. I hope I wasn't supposed to close everything and relaunch GMER.
Thanks for the help

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-22 15:35:50
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
EPSON_PM_RPCV2_01 /*EPSON V3 Service2(03)*/@ = C:\WINDOWS\system32\E_S00RP1.EXE
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
F-Prot Antivirus Update Monitor /*F-Prot Antivirus Update Monitor*/@ = "C:\Programmi\FSI\F-Prot\fpavupdm.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvGmp /*SrvGmp*/@ = "C:\Programmi\File comuni\Microsoft Shared\GlN.exe" /*file not found*/
UpdUxq /*UpdUxq*/@ = "C:\Programmi\File comuni\System\LvY.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@FRISK FP-SchedulerC:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP = C:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP
@F-StopWC:\Programmi\FSI\F-Prot\F-StopW.EXE = C:\Programmi\FSI\F-Prot\F-StopW.EXE
@GSICONEXEGSICON.EXE = GSICON.EXE
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@EPSON Stylus Photo R220 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{1474F601-9B4B-4EB0-81FA-20F753C0E1A4} /*FRISK extension*/C:\Programmi\FSI\F-Prot\shexthk.dll = C:\Programmi\FSI\F-Prot\shexthk.dll
@{E443A8D5-D905-4401-8789-16AE23A8A96D} /*FRISK extension*/C:\Programmi\FSI\F-Prot\shexthk.dll = C:\Programmi\FSI\F-Prot\shexthk.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
FRISK@{1474F601-9B4B-4EB0-81FA-20F753C0E1A4} = C:\Programmi\FSI\F-Prot\shexthk.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll /*file not found*/ = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll /*file not found*/
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll__BHODemonDisabled /*file not found*/ = c:\programmi\google\googletoolbar1.dll__BHODemonDisabled /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5AF2526F-0418-42D5-ABEC-F61B2938F6D4} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =


---- EOF - GMER 1.0.10 ----



GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-22 16:10:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----
__________________
valter
-------------------
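The helpers in this thread spotted the infection in the GMER Autostart log above by eye: Services and Run entries whose image sits under File comuni\System or File comuni\Microsoft Shared with a three-letter name such as LvY.exe or GlN.exe, one of them already marked "file not found". As an added example (not GMER's output and not any poster's code), this Python script applies those same indicators to the text of such a log; the suspect directories, the known-good file list and the three-letter rule are assumptions taken from this thread, and the sample lines are copied from the log posted above.

```python
"""Triage of a GMER "Autostart" log (added example; the indicators are assumptions)."""
import re
from dataclasses import dataclass, field

# Drop directories used by this thread's malware (Italian and English Windows names).
SUSPECT_DIRS = ("\\file comuni\\system\\", "\\file comuni\\microsoft shared\\",
                "\\common files\\system\\", "\\common files\\microsoft shared\\")
KNOWN_GOOD = {"directdb.dll", "wab32.dll", "wab32res.dll"}  # from the clean `dir` listing
TARGET_SECTIONS = ("\\Services\\", "\\CurrentVersion\\Run")
SECTION_RE = re.compile(r"^(HK[A-Z]+\\.*?) >>>$")
IMAGE_RE = re.compile(r".*?\.(?:exe|dll|sys)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    missing: bool                               # GMER marked the image "file not found"
    reasons: list = field(default_factory=list)


def image_path(value: str) -> str:
    """Image file named by a registry value; quoted paths may contain spaces."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    m = IMAGE_RE.match(value)
    return m.group(0) if m else value.split()[0]


def parse_autostart(log: str) -> list:
    """Parse the Services and Run sections of a GMER Autostart log."""
    entries, section = [], None
    for line in (ln.strip() for ln in log.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not section.endswith(TARGET_SECTIONS) or " = " not in line:
            continue
        left, _, raw_value = line.rpartition(" = ")
        left = left.strip("@ ")
        if " /*" in left:                       # service line: "Name /*display name*/@"
            name = left.split(" /*", 1)[0]
        else:                                   # Run line: "@<name><value> = <value>"
            name = left[: -len(raw_value)] if left.endswith(raw_value) else left
        missing = "/*file not found*/" in raw_value
        value = raw_value.replace("/*file not found*/", "").strip()
        entries.append(Entry(section, name, image_path(value), missing))
    return entries


def triage(log: str) -> list:
    """Return the entries that match at least one indicator, with the reasons filled in."""
    flagged = []
    for e in parse_autostart(log):
        path = e.path.lower()
        base = path.rsplit("\\", 1)[-1]
        if e.missing:
            e.reasons.append("image not found: autostart outlived a deleted or renamed file")
        if base not in KNOWN_GOOD and any(d in path for d in SUSPECT_DIRS):
            e.reasons.append("image dropped in a Common Files directory")
        if base not in KNOWN_GOOD and re.fullmatch(r"[a-z]{3}\.exe", base):
            e.reasons.append("three-letter random-looking file name")
        if e.reasons:
            flagged.append(e)
    return flagged


# Constructed sample: lines copied from the GMER Autostart log posted above.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
SrvGmp /*SrvGmp*/@ = "C:\Programmi\File comuni\Microsoft Shared\GlN.exe" /*file not found*/
UpdUxq /*UpdUxq*/@ = "C:\Programmi\File comuni\System\LvY.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@FRISK FP-SchedulerC:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP = C:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
"""
```

Running `triage(SAMPLE_LOG)` flags only SrvGmp and UpdUxq, the two services the thread removed, while the ewido, F-Prot and DSL agent entries pass clean.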
22-08-2006, 16:35 #35
lucas84
Senior Member
Joined: Aug 2005
Posts: 1267
Hi, download this tool from here
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Start the program, click Start
Wait and a window opens (like My Computer)

Click on drive C:\
browse the tree down to this path
C:\Programmi\File comuni\System
Now select the file LvY.exe
A window will open: "File LvY.exe selected for cleaning. Do you want to continue?"

Click Yes
A window will notify you that the operation is complete; repeat this operation for all the green files you find in these 2 directories
C:\Programmi\File comuni\System
C:\Programmi\File comuni\Microsoft Shared

Bye

Last edited by lucas84: 22-08-2006 at 16:38.
22-08-2006, 16:51 #36
ValterManetta
Senior Member
Joined: Sep 2004
Location: Vittorio Veneto TV
Posts: 444
Quote:
Originally posted by lucas84
Hi, download this tool from here
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Start the program, click Start
Wait and a window opens (like My Computer)

Click on drive C:\
browse the tree down to this path
C:\Programmi\File comuni\System
Now select the file LvY.exe
A window will open: "File LvY.exe selected for cleaning. Do you want to continue?"

Click Yes
A window will notify you that the operation is complete; repeat this operation for all the green files you find in these 2 directories
C:\Programmi\File comuni\System
C:\Programmi\File comuni\Microsoft Shared

Bye
Thanks for the help, but by green files do you mean those little light-blue icons with that little green drawing shaped (almost) like an eight??
I have already deleted LvY.exe and GIN.exe, though the latter didn't have that icon because I had renamed it to .old.
Thanks, bye
__________________
valter
-------------------
22-08-2006, 16:57 #37
lucas84
Senior Member
Joined: Aug 2005
Posts: 1267
Hi, open the DOS prompt and type:
cd C:\programmi\file comuni\system <---- press Enter
dir > c:\files.txt <---- press Enter

cd C:\Programmi\File comuni\Microsoft Shared <---- press Enter
dir > c:\files1.txt <---- press Enter

Open C:\ and you should have the files files.txt and files1.txt; please post the contents of the 2 files

Thanks
22-08-2006, 19:20 #38
Hidro
Senior Member
Joined: Feb 2003
Location: Ancona
Posts: 313
It seems I managed to solve it
Of the suspicious files in the Common Files folder, no trace left... the strange service has disappeared from Administrative Tools too...

The only thing is that I can't delete the ADS in C:\WINDOWS\system32:ntmsmun.msc with ADSSpy, because it tells me it's locked...

What should I do now?


Also, is it possible to get the same problem again?
If so, what could I do to prevent it?


Last edited by Hidro: 22-08-2006 at 19:24.
22-08-2006, 19:28 #39
ValterManetta
Senior Member
Joined: Sep 2004
Location: Vittorio Veneto TV
Posts: 444
Quote:
Originally posted by lucas84
Hi, open the DOS prompt and type:
cd C:\programmi\file comuni\system <---- press Enter
dir > c:\files.txt <---- press Enter

cd C:\Programmi\File comuni\Microsoft Shared <---- press Enter
dir > c:\files1.txt <---- press Enter
Thanks
------------------------------------------------------------
I finally managed to connect without restarting the PC, so as not to lose the settings, because it had frozen; then it was a pain to type in the prompt because it kept saying unknown command, maybe I wasn't typing ">" after dir, or I typed it the wrong way round "<" because I was getting confused with that "<---- press Enter", which should just be an arrow pointing things out and not something to type!!!!
here are the files:
Il volume nell'unità C è XPSP2
Numero di serie del volume: CCAD-937B

Directory di C:\Programmi\File comuni\System

22/08/2006 16.42 <DIR> .
22/08/2006 16.42 <DIR> ..
06/09/2004 21.35 <DIR> ado
19/08/2004 15.39 81.408 directdb.dll
15/04/2006 11.43 <DIR> msadc
23/07/2006 11.17 <DIR> Ole DB
17/03/2006 11.11 510.464 wab32.dll
19/08/2004 15.38 254.976 wab32res.dll
3 File 846.848 byte
5 Directory 5.278.724.096 byte disponibili

second:

Il volume nell'unità C è XPSP2
Numero di serie del volume: CCAD-937B

Directory di C:\Programmi\File comuni\Microsoft Shared

22/08/2006 16.43 <DIR> .
22/08/2006 16.43 <DIR> ..
23/07/2006 11.17 <DIR> Artgalry
23/07/2006 11.17 <DIR> Clipart
23/07/2006 11.16 <DIR> DAO
11/10/2005 12.57 <DIR> Elementi decorativi
23/07/2006 11.17 <DIR> Euro
27/07/2006 11.43 <DIR> Grphflt
23/07/2006 11.17 <DIR> MSInfo
27/07/2006 11.43 <DIR> PhotoEd
23/07/2006 11.17 <DIR> Proof
23/07/2006 11.17 <DIR> Reference Titles
06/09/2004 23.22 <DIR> Speech
23/07/2006 11.17 <DIR> TextConv
23/07/2006 11.16 <DIR> Themes
10/02/2005 21.27 <DIR> Triedit
23/07/2006 11.17 <DIR> VBA
06/09/2004 21.35 <DIR> VGX
06/09/2004 21.47 <DIR> Web Folders
06/09/2004 21.39 <DIR> web server extensions
0 File 0 byte
20 Directory 5.278.720.000 byte disponibili
thanks again, bye
__________________
valter
-------------------
22-08-2006, 22:33 #40
ValterManetta
Senior Member
Joined: Sep 2004
Location: Vittorio Veneto TV
Posts: 444
Quote:
Originally posted by ValterManetta
Thanks for the help, but by green files do you mean those little light-blue icons with that little green drawing shaped (almost) like an eight??
I have already deleted LvY.exe and GIN.exe, though the latter didn't have that icon because I had renamed it to .old.
Thanks, bye
Sorry to bother you again: do I have to delete all the files that have the same icon as the marked ones?
Here's the link...

http://img116.imageshack.us/img116/707/immaginema5.jpg
__________________
valter
-------------------
Thread closed