www.MegaLab.it

da **Lorxx** » mer feb 28, 2007 9:02 pm

Ciao di nuovo...ho ancora un'altro problema: come antivirus ho Avast ma, per al prima volta, quando va per aggiornarsi da solo, non ci riesce e mi dice che il codice non è valido....come devo fare????? [8)]

da **Amantide** » mer feb 28, 2007 10:13 pm

Che genere di codice non è valido? Quello della registrazione di Avast o qualche altro? Cerca di essere un po' più specifico.

da **Lorxx** » ven mar 02, 2007 7:07 pm

Mi dice che la licenza del programma non è valida...che fare???

da **Amantide** » ven mar 02, 2007 7:16 pm

Lorxx ha scritto:Mi dice che la licenza del programma non è valida...che fare???

Comprare la licenza? [uhm]

...oppure usare la versione free del programma... [fischio]

da **Lorxx** » ven mar 02, 2007 8:43 pm

Ok grazie....ho scaricato quello free!!! [^]

da **Lorxx** » sab mar 03, 2007 7:10 pm

ora mi sono installato la versione free...ma ho 1 problema...praticamente l'icona di avast che dovrebbe stare in fondo al destra del desktop, appare con non si muove e davanti c'è un simbolo rosso. Una volta cliccato su questa icona, avast ha un problema e si chiude...come conseguenza Windows dice che non c'è nessun antivirus attivo.....che fare???? [V]

da **Amantide** » sab mar 03, 2007 7:50 pm

Non è che ti sei ribeccato il Bagle? Hai provato a vedere se riesci ad installare qualche altro antivirus e se questo poi funziona bene?

da **Lorxx** » sab mar 03, 2007 8:33 pm

Ora quell'icona funziona, ma nonostante aver installato la versione free, non si aggiorna ancora, dice che la licenza non è valida....allora???

da **crazy.cat** » sab mar 03, 2007 8:35 pm

Lorxx ha scritto:Ora quell'icona funziona, ma nonostante aver installato la versione free, non si aggiorna ancora, dice che la licenza non è valida....allora???

Installa questo
http://www.activevirusshield.com/antivi ... /index.adp?

da **Lorxx** » sab mar 03, 2007 8:36 pm

ma cos'è un antivirus???

da **crazy.cat** » sab mar 03, 2007 8:46 pm

Lorxx ha scritto:ma cos'è un antivirus???

Si.

da **Tiuzzo** » dom mar 04, 2007 2:27 pm

BilloKenobi ha scritto:hai trovato il forum giusto. la nostra bella mod amantide ha scritto un articolo sul virus che ti affligge. il bagle. se hai problemi di comprensione, ti aiuterà lei, che tra noi di certo è quella che ci ha fatto più le ossa

http://www.MegaLab.it/2657

Ho lo stesso problema e ho cercato di seguire la guida ma non riesco a formulare quella stringa da passare a gmer...
inoltre non riesco a trovare il processo chiamato "hldrrr.exe" nel task manager uffa sono nel panico devo anche fare una relazione per martedì e sono senza pc... [cry+]

[code]GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-04 13:24:13
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\Documents and Settings\Pc\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\Documents and Settings\Pc\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\new_drv.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\new_drv.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Pc\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804DB92E 7 Bytes JMP EEDA53C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 3 Bytes JMP EEDA2400 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous + 4 804E8756 1 Byte [ 6E ]
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FBE09 5 Bytes JMP EEDA1F00 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\svchost.exe[184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009C27C2
.text C:\WINDOWS\system32\svchost.exe[184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009C278D
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 009C1912
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 009C1804
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 009C24D0
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 009C2406
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 009C2642
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 009C2628
.text C:\WINDOWS\system32\svchost.exe[184] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 009C188B
.text C:\WINDOWS\system32\nipalsm.exe[476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008D27C2
.text C:\WINDOWS\system32\nipalsm.exe[476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008D278D
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 008D1912
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 008D1804
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 008D24D0
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 008D2406
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 008D2642
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 008D2628
.text C:\WINDOWS\system32\nipalsm.exe[476] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 008D188B
.text C:\WINDOWS\system32\nipalsm.exe[492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD27C2
.text C:\WINDOWS\system32\nipalsm.exe[492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD278D
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00AD1912
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00AD1804
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00AD24D0
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00AD2406
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00AD2642
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00AD2628
.text C:\WINDOWS\system32\nipalsm.exe[492] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00AD188B
.text C:\WINDOWS\system32\nipalsm.exe[504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A127C2
.text C:\WINDOWS\system32\nipalsm.exe[504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A1278D
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A11912
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A11804
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A124D0
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A12406
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A12642
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00A12628
.text C:\WINDOWS\system32\nipalsm.exe[504] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A1188B
.text C:\WINDOWS\system32\nipalsm.exe[520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B027C2
.text C:\WINDOWS\system32\nipalsm.exe[520] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B0278D
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00B01912
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00B01804
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00B024D0
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00B02406
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00B02642
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00B02628
.text C:\WINDOWS\system32\nipalsm.exe[520] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00B0188B
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A427C2
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A4278D
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A41912
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A41804
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A424D0
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A42406
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A42642
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00A42628
.text C:\WINDOWS\system32\services.exe[688] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A4188B
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DA27C2
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DA278D
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00DA1912
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00DA1804
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00DA24D0
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00DA2406
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00DA2642
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00DA2628
.text C:\WINDOWS\system32\svchost.exe[852] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00DA188B
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A227C2
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A2278D
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A21912
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A21804
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A224D0
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A22406
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A22642
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00A22628
.text C:\WINDOWS\system32\svchost.exe[908] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A2188B
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 053B27C2
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 053B278D
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 053B1912
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 053B1804
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 053B24D0
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 053B2406
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetReadFileExW 771C7439 8 Bytes JMP 053B2642
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!InternetReadFileExA 771C8140 5 Bytes JMP 053B2628
.text C:\WINDOWS\system32\svchost.exe[996] WININET.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 053B188B
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008227C2
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0082278D
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00821912
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00821804
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 008224D0
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00822406
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00822642
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00822628
.text C:\Programmi\Ahead\InCD\InCDsrv.exe[1020] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0082188B
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008427C2
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0084278D
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00841912
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00841804
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 008424D0
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00842406
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00842642
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00842628
.text C:\WINDOWS\system32\svchost.exe[1160] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0084188B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AC27C2
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AC278D
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00AC1912
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 00AC1804
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 00AC24D0
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00AC2406
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00AC2642
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00AC2628
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00AC188B
.text C:\WINDOWS\system32\spoolsv.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF27C2
.text C:\WINDOWS\system32\spoolsv.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF278D
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00FF1912
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00FF1804
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00FF24D0
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00FF2406
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00FF2642
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00FF2628
.text C:\WINDOWS\system32\spoolsv.exe[1376] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00FF188B
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009427C2
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0094278D
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00941912
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00941804
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 009424D0
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00942406
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00942642
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00942628
.text C:\WINDOWS\system32\svchost.exe[1472] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0094188B
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009027C2
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0090278D
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00901912
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00901804
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 009024D0
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00902406
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00902642
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00902628
.text C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe[1488] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0090188B
.text C:\WINDOWS\system32\Crypserv.exe[1524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A327C2
.text C:\WINDOWS\system32\Crypserv.exe[1524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A3278D
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A31912
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A31804
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A324D0
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A32406
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A32642
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00A32628
.text C:\WINDOWS\system32\Crypserv.exe[1524] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A3188B
.text C:\WINDOWS\system32\ircomm2k.exe[1588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008627C2
.text C:\WINDOWS\system32\ircomm2k.exe[1588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0086278D
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00861912
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00861804
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 008624D0
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00862406
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00862642
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00862628
.text C:\WINDOWS\system32\ircomm2k.exe[1588] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0086188B
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A27C2
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A278D
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 007A1912
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 007A1804
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 007A24D0
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 007A2406
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!InternetReadFileExW 771C7439 8 Bytes JMP 007A2642
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!InternetReadFileExA 771C8140 5 Bytes JMP 007A2628
.text C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe[1604] WININET.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 007A188B
.text C:\WINDOWS\system32\lkcitdl.exe[1620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007327C2
.text C:\WINDOWS\system32\lkcitdl.exe[1620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0073278D
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00731912
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00731804
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 007324D0
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00732406
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00732642
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00732628
.text C:\WINDOWS\system32\lkcitdl.exe[1620] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0073188B
.text C:\WINDOWS\system32\lkads.exe[1660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006527C2
.text C:\WINDOWS\system32\lkads.exe[1660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0065278D
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00651912
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00651804
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 006524D0
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00652406
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00652642
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00652628
.text C:\WINDOWS\system32\lkads.exe[1660] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0065188B
.text C:\WINDOWS\system32\lktsrv.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012F27C2
.text C:\WINDOWS\system32\lktsrv.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 012F278D
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 012F1912
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 012F1804
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 012F24D0
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 012F2406
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 012F2642
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 012F2628
.text C:\WINDOWS\system32\lktsrv.exe[1688] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 012F188B
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D27C2
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D278D
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 009D1912
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 009D1804
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 009D24D0
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 009D2406
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 009D2642
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 009D2628
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1736] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 009D188B
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003727C2
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0037278D
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00371912
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00371804
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 003724D0
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00372406
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00372642
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00372628
.text C:\Programmi\National Instruments\MAX\nimxs.exe[1764] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0037188B
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006727C2
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0067278D
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00671912
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00671804
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 006724D0
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00672406
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00672642
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00672628
.text C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe[1788] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0067188B
.text C:\WINDOWS\system32\RTProxy.exe[1828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E027C2
.text C:\WINDOWS\system32\RTProxy.exe[1828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E0278D
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00E01912
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00E01804
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00E024D0
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00E02406
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00E02642
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00E02628
.text C:\WINDOWS\system32\RTProxy.exe[1828] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00E0188B
.text C:\WINDOWS\system32\nisvcloc.exe[1860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008527C2
.text C:\WINDOWS\system32\nisvcloc.exe[1860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0085278D
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00851912
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00851804
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 008524D0
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00852406
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00852642
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00852628
.text C:\WINDOWS\system32\nisvcloc.exe[1860] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0085188B
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02EB27C2
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02EB278D
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 02EB1912
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 02EB1804
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 02EB24D0
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 02EB2406
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 02EB2642
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 02EB2628
.text C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe[1928] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 02EB188B
.text C:\kav\kav6.0\english\setup.exe[2100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001627C2
.text C:\kav\kav6.0\english\setup.exe[2100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0016278D
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00161912
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00161804
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 001624D0
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00162406
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00162642
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00162628
.text C:\kav\kav6.0\english\setup.exe[2100] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0016188B
.text C:\WINDOWS\explorer.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 017D27C2
.text C:\WINDOWS\explorer.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 017D278D
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 017D1912
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 017D1804
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 017D24D0
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 017D2406
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!InternetReadFileExW 771C7439 8 Bytes JMP 017D2642
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!InternetReadFileExA 771C8140 5 Bytes JMP 017D2628
.text C:\WINDOWS\explorer.exe[2276] WININET.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 017D188B
.text C:\WINDOWS\SOUNDMAN.EXE[2408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A827C2
.text C:\WINDOWS\SOUNDMAN.EXE[2408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A8278D
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A81912
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A81804
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A824D0
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A82406
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A82642
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetReadFileExA 771C8140 3 Bytes JMP 00A82628
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!InternetReadFileExA + 4 771C8144 1 Byte [ 89 ]
.text C:\WINDOWS\SOUNDMAN.EXE[2408] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A8188B
.text C:\WINDOWS\system32\rundll32.exe[2416] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009B27C2
.text C:\WINDOWS\system32\rundll32.exe[2416] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009B278D
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 009B1912
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 009B1804
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 009B24D0
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 009B2406
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 009B2642
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 009B2628
.text C:\WINDOWS\system32\rundll32.exe[2416] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 009B188B
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003727C2
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0037278D
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00371912
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 00371804
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 003724D0
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00372406
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00372642
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00372628
.text C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe[2444] WININET.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0037188B
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A027C2
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A0278D
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00A01912
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00A01804
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00A024D0
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00A02406
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00A02642
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00A02628
.text C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe[2456] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00A0188B
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF27C2
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF278D
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00FF1912
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 00FF1804
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 00FF24D0
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 00FF2406
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 00FF2642
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 00FF2628
.text C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe[2464] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 00FF188B
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012627C2
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0126278D
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 01261912
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!HttpSendRequestA 77196249 5 Bytes JMP 01261804
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!InternetReadFile 771980F4 5 Bytes JMP 012624D0
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!InternetQueryDataAvailable 771A8A0F 5 Bytes JMP 01262406
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!InternetReadFileExW 771C7439 8 Bytes JMP 01262642
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!InternetReadFileExA 771C8140 5 Bytes JMP 01262628
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[2472] wininet.dll!HttpSendRequestW 771E1CEC 5 Bytes JMP 0126188B
.text C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe[2480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C027C2
.text C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe[2480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C0278D
.text C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe[2480] wininet.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 00C01912
.text C:\Prog

da **Amantide** » dom mar 04, 2007 4:22 pm

Purtroppo oltre al worm Bagle c'è un altro rootkit.

Scarica The Avenger, estrai archivio in una cartella ed avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno del form copia ed incolla questo script:

Drivers to unload:
m_hook
new_drv

files to delete:
C:\Documents and Settings\Pc\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\Pc\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\new_drv.sys
C:\Windows\Temp\9129837.cab

folders to delete:
C:\Documents and Settings\Pc\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\CurrentControlSet\Services\new_drv

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Dopodichè clicca sul pulsante Done, poi 2 volte sull'icona del semaforo verde e rispondi alle successive domande Si .
Il pc dovrebbe riavviarsi da solo,se cosi non fosse riavvialo manualmente.
Alla fine allegami il log di Avenger che si trova in C:/avenger.txt

Postami anche il log Autostart di Gmer.

da **Tiuzzo** » dom mar 04, 2007 6:58 pm

ok già a primo impatto sembra tutto okay...
questo il log di avenger

Codice: Seleziona tutto: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- no registry value to delete found. Line will be ignored. Error code: 0 Line: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\lbrrvpsy ******************* Script file located at: \??\C:\WINDOWS\system32\qydynjnc.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Driver m_hook unloaded successfully. Driver new_drv unloaded successfully. File C:\Documents and Settings\Pc\Dati applicazioni\hidires\m_hook.sys deleted successfully. File C:\Documents and Settings\Pc\Dati applicazioni\hidires\hidr.exe deleted successfully. File C:\WINDOWS\system32\wintems.exe not found! Deletion of file C:\WINDOWS\system32\wintems.exe failed! Could not process line: C:\WINDOWS\system32\wintems.exe Status: 0xc0000034 File C:\WINDOWS\system32\hldrrr.exe not found! Deletion of file C:\WINDOWS\system32\hldrrr.exe failed! Could not process line: C:\WINDOWS\system32\hldrrr.exe Status: 0xc0000034 File C:\WINDOWS\9129837.exe deleted successfully. File C:\WINDOWS\new_drv.sys deleted successfully. File C:\Windows\Temp\9129837.cab not found! Deletion of file C:\Windows\Temp\9129837.cab failed! Could not process line: C:\Windows\Temp\9129837.cab Status: 0xc0000034 Folder C:\Documents and Settings\Pc\Dati applicazioni\hidires deleted successfully. Folder C:\WINDOWS\exefld deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\m_hook Status: 0xc0000034 Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\new_drv not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\new_drv failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\new_drv Status: 0xc0000034 Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

invece x il log di gmer all'avvio non ha scritto niente...
senti ma così in pratica ho tolto sia il bagle sia il rootkit?
Grazie mille 6 miticaaaaaaaaaaaaaa!!! [rotolo]

da **Amantide** » dom mar 04, 2007 7:30 pm

Avendo la mente annebbiata a causa dell'influenza non avevo notato che avevi postato anche qui. [nonono]

Ti pregherei gentilmente in futuro di non postare sullo stesso problema nelle diverse discussioni, ciò può rendere il lavoro più difficile sia a noi che a quelli che in futuro dovranno fare la ricerca sullo stesso problema. [grazie]

invece x il log di gmer all'avvio non ha scritto niente...

Il log serve a me [std]

, Gmer non sempre individua le voci pericolose e ciò che tu vedi in nero come una qualsiasi voce legittima di sistema può rivelarsi un malware.

senti ma così in pratica ho tolto sia il bagle sia il rootkit?

Veramente anche questa versione di Bagle comprende il rootkit, per la precisione il file m_hook.sys, ma oltre al Bagle c'era anche un altro virus nascosto da un altro rootkit, new_drv.sys

da **Tiuzzo** » dom mar 04, 2007 8:20 pm

ops scusate veramente lo avevo scritto in tutt'e due i post perché non credevo ci fosse un collegamento tra i due problemi...
la prossima volta chiederò(sperando che non ci sia un'altra volta[fischio])!

Il log serve a me Smile , Gmer non sempre individua le voci pericolose e ciò che tu vedi in nero come una qualsiasi voce legittima di sistema può rivelarsi un malware.

intendevo dire che non mi è comparso nulla, solo la schermata bianca.

da **Amantide** » dom mar 04, 2007 9:35 pm

Tiuzzo ha scritto:intendevo dire che non mi è comparso nulla, solo la schermata bianca.

Dovresti prima selezionare il tab Autostart, poi spuntare la voce Show all ed alla fine premere Scan.
Fammi sapere [:)]

da **Tiuzzo** » dom mar 04, 2007 9:40 pm

ah capito ecco quà!

Codice: Seleziona tutto: GMER 1.0.12.12027 - http://www.gmer.net Autostart scan 2007-03-04 20:37:07 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe, @ShellExplorer.exe = Explorer.exe @System = @UIHostlogonui.exe = logonui.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> crypt32chain@DLLName = crypt32.dll cryptnet@DLLName = cryptnet.dll cscdll@DLLName = cscdll.dll SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll ScCertProp@DLLName = wlnotify.dll Schedule@DLLName = wlnotify.dll sclgntfy@DLLName = sclgntfy.dll SensLogn@DLLName = WlNotify.dll termsrv@DLLName = wlnotify.dll WgaLogon@DLLName = WgaLogon.dll wlballoon@DLLName = wlnotify.dll HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL HKLM\SYSTEM\CurrentControlSet\Services\ >>> AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs BthServ /*Bluetooth Support Service*/@ = %SystemRoot%\system32\svchost.exe -k bthsvcs btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe CiSvc /*Servizio di indicizzazione*/@ = %SystemRoot%\system32\cisvc.exe Crypkey License /*Crypkey License*/@ = crypserv.exe CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs HidServ /*HID Input Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs InCDsrv /*InCD Helper*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe IrCOMM2kSvc /*Virtual IR COM Port, Service Program*/@ = %SystemRoot%\system32\ircomm2k.exe Irmon /*Monitor infrarossi*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs LEC TranslateDotNet Server /*LEC TranslateDotNet Server*/@ = "C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe" LkCitadelServer /*Lookout Citadel Server*/@ = C:\WINDOWS\system32\lkcitdl.exe lkClassAds /*National Instruments PSP Server Locator*/@ = C:\WINDOWS\system32\lkads.exe lkTimeSync /*National Instruments Time Synchronization*/@ = C:\WINDOWS\system32\lktsrv.exe LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE" mxssvr /*NI Configuration Manager*/@ = "C:\Programmi\National Instruments\MAX\nimxs.exe" nidevldu@ = system32\nipalsm.exe NIDomainService /*National Instruments Domain Service*/@ = "C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe" nimcdldu@ = system32\nipalsm.exe nimcrpcsu@ = system32\nipalsm.exe nipxirmu@ = system32\nipalsm.exe niRTProxy /*niRTProxy*/@ = C:\WINDOWS\system32\RTProxy.exe C:\WINDOWS\system32\RTProxy.exe -s niSvcLoc /*NI Service Locator*/@ = C:\WINDOWS\system32\nisvcloc.exe -s NITaggerService /*National Instruments Variable Engine*/@ = "C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe" PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "C:\Programmi\CyberLink\Shared files\RichVideo.exe" ?????????????????????????????????????????????????? /*file not found*/ RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe @Tweak UIRUNDLL32.EXE TWEAKUI.CPL,TweakMeUp = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE @BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent @QuickTime Task"C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime = "C:\Programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime @TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot @SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" @TrustKeybdC:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe = C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe @WheelMouseC:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe = C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe @InstantAccessC:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h = C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h @Google Desktop Search"C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup @RemoteControl"C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" = "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" @InCDC:\Programmi\Ahead\InCD\InCD.exe = C:\Programmi\Ahead\InCD\InCD.exe @{0228e555-4f9c-4e35-a3ec-b109a192b4c2}C:\Programmi\Google\Gmail Notifier\gnotify.exe = C:\Programmi\Google\Gmail Notifier\gnotify.exe @ICQ LiteC:\Programmi\ICQLite\ICQLite.exe -minimize = C:\Programmi\ICQLite\ICQLite.exe -minimize @PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ @AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @swgC:\Programmi\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe @MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized @googletalk"C:\Programmi\Google\Google Talk\googletalk.exe" /autostart = "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart @drvsyskitC:\Documents and Settings\Pc\Dati applicazioni\hidires\hidr.exe /*file not found*/ = C:\Documents and Settings\Pc\Dati applicazioni\hidires\hidr.exe /*file not found*/ @ttoolC:\WINDOWS\9129837.exe /*file not found*/ = C:\WINDOWS\9129837.exe /*file not found*/ @SUPERAntiSpywareC:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe @checkersC:\WINDOWS\checkers6.exe = C:\WINDOWS\checkers6.exe @eMuleAutoStartC:\Programmi\eMule\emule.exe -AutoStart = C:\Programmi\eMule\emule.exe -AutoStart RunOnce@ICQ Lite = C:\Programmi\ICQLite\ICQLite.exe -trayboot HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>> @PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll @WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll @UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>> @{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L HKLM\Software\Classes\ >>> .exe@ = "%1" %* .com@ = "%1" %* .cmd@ = "%1" %* .bat@ = "%1" %* .pif@ = "%1" %* .scr@ = "%1" /S .hta@ = C:\WINDOWS\system32\mshta.exe "%1" %* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>> @{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll @{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl @{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll @{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll @{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll @{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll @{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll @{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll @{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll @{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll @{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll @{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll @{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll @{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) = @{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll @{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll @{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) = @{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll @{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll @{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll @{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll @{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll @{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll @{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll @{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll @{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll @{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll @{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll @{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll @{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll @{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll @{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll @{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll @{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll @{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl @{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) = @{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll @{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll @{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll @{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll @{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl @{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl @{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl @{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll @{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) = @{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll @{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll @{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll @{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll @{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll @{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll @{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll @{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll @{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) = @{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll @{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll @{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll @{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll @{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll @{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll @{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll @{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll @{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll @{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll @{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll @{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll @{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll @{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll @{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll @{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll @{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll @{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll @{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll @{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll @{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll @{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll @{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll @{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll @{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll @{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll @{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll @{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll @(null) = @{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll @{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*SnagIt*/C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll = C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll @{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll @{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll @{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll @{9DED7A30-D572-4D21-8D82-6945EA697400} /*Macromedia FlashPaper Context Menu*/C:\Programmi\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll = C:\Programmi\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll @{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Programmi\Ahead\InCD\incdshx.dll = C:\Programmi\Ahead\InCD\incdshx.dll @{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll @{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/C:\Programmi\ICQLite\ICQLiteShell.dll = C:\Programmi\ICQLite\ICQLiteShell.dll @{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll @{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll @{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programmi\ICQLite\ICQLiteShell.dll Macromedia.FlashPaper.ContextMenu@{9DED7A30-D572-4D21-8D82-6945EA697400} = C:\Programmi\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>> @{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programmi\ICQLite\ICQLiteShell.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{00C6482D-C502-44C8-8409-FCE54AD9C208}C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll = C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll @{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443}F:\yeti\IEButtonYetiSportsEBayInterface.dll = F:\yeti\IEButtonYetiSportsEBayInterface.dll @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\MAL-PC.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.google.it/ = http://www.google.it/ @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\ >>> application/octet-stream@CLSID = mscoree.dll application/x-complus@CLSID = mscoree.dll application/x-msdownload@CLSID = mscoree.dll Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll deflate@CLSID = C:\WINDOWS\system32\urlmon.dll gzip@CLSID = C:\WINDOWS\system32\urlmon.dll lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> about@CLSID = %SystemRoot%\system32\mshtml.dll cdl@CLSID = C:\WINDOWS\system32\urlmon.dll dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll file@CLSID = C:\WINDOWS\system32\urlmon.dll ftp@CLSID = C:\WINDOWS\system32\urlmon.dll gopher@CLSID = C:\WINDOWS\system32\urlmon.dll http@CLSID = C:\WINDOWS\system32\urlmon.dll https@CLSID = C:\WINDOWS\system32\urlmon.dll its@CLSID = C:\WINDOWS\system32\itss.dll javascript@CLSID = %SystemRoot%\system32\mshtml.dll livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL local@CLSID = C:\WINDOWS\system32\urlmon.dll mailto@CLSID = %SystemRoot%\system32\mshtml.dll mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll mk@CLSID = C:\WINDOWS\system32\urlmon.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL res@CLSID = %SystemRoot%\system32\mshtml.dll sysimage@CLSID = %SystemRoot%\system32\mshtml.dll tv@CLSID = C:\WINDOWS\system32\msvidctl.dll vbscript@CLSID = %SystemRoot%\system32\mshtml.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EDF3427-B0DD-4FE0-B899-DF7D561D6649} /*Connessione alla rete locale (LAN)*/ >>> @IPAddress192.168.0.49 = 192.168.0.49 @NameServer151.99.125.2,151.99.125.3 = 151.99.125.2,151.99.125.3 @DefaultGateway192.168.0.1 = 192.168.0.1 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E7F9EE63-8836-4D92-9421-4F72608AA6A9} /*Connessione alla rete locale (LAN) 2*/ >>> @IPAddress192.168.0.1 = 192.168.0.1 @NameServer = @DefaultGateway = @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>> 000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll 000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000030@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000031@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>> Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk BTTray.lnk = BTTray.lnk SnagIt 8.lnk = SnagIt 8.lnk ---- EOF - GMER 1.0.12 ----

da **Amantide** » dom mar 04, 2007 10:20 pm

Dovresti eliminare un altra volta questo file
C:\WINDOWS\checkers6.exe

Le altre voci che sono rimaste sono superflue e si possono fixare anche con Hijackthis.

da **Lorxx** » mar mar 06, 2007 6:58 pm

eccomi ancora....il mio problema persistente è che ora ho antivir come antivirus, ma ogni volta che prova ad aggiornarsi, riscontra qualche errore. Per questo ogni volta che accendo il PC, windows mi dice che Antivir non è aggiornato.....che devo fare???? [...]

www.MegaLab.it

Aiuto! Non riesco più ad installare nessun antivirus

Chi c’è in linea