
HijackThis scan

Posted: Tue Mar 20, 2007 12:18 pm
by kaori
Hello. For the past few days web pages have been opening very slowly and sometimes stay completely blank. I am sending you the HijackThis scan; could you please take a look at it? Thank you very much.
Logfile of HijackThis v1.99.1
Scan saved at 10.57.00, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmi\Microsoft Works\WksSb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\TTERMPRO\ttermpro.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 13 per hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 14 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7882900160
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2777326839
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/it/it/importer/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

Posted: Tue Mar 20, 2007 2:09 pm
by crazy.cat
The log is clean.
If you suspect a virus, go to
http://www.kaspersky.com/virusscanner
and run the online scan.
If it finds any viruses, save the final log and post it here.

Posted: Tue Mar 20, 2007 8:03 pm
by kaori
Thanks crazy, here it is:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 20, 2007 6:55:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/03/2007
Kaspersky Anti-Virus database records: 267504


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\utente\IMPOST~1\Temp\

Scan Statistics
Total number of scanned objects 30815
Number of viruses found 1
Number of infected objects 0 / 0
Number of suspicious objects 7
Duration of the scan process 00:54:55

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\com9.bnz Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 4 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 6 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 7 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 8 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR4.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR5.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR6.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR7.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR8.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXR9.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\PXRA.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DF443D.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DF445D.tmp Object is locked skipped

Scan process completed.

Posted: Tue Mar 20, 2007 8:40 pm
by Amantide
C:\WINDOWS\system32\com9.bnz
This file indicates the presence of Gromozon.

See if you can download Gmer and scan the Autostart and Rootkit sections with the Show all option checked. When the scan has finished, click the Copy button and paste the result into Notepad, to be attached to the post in a zipped archive, or paste it directly here.

Posted: Wed Mar 21, 2007 11:49 am
by kaori
Thanks Amantide. Here is the result:
GMER 1.0.12.12086 - http://www.gmer.net
Autostart scan 2007-03-21 10:11:08
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
InoRPC /*eTrust Antivirus RPC Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoRpc.exe"
InoRT /*eTrust Antivirus Realtime Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoRT.exe"
InoTask /*eTrust Antivirus Job Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoTask.exe"
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
LogWatch /*Event Log Watch*/@ = C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AtiPTAatiptaxx.exe = atiptaxx.exe
@Realtime MonitorC:\PROGRA~1\CA\ETRUST~1\realmon.exe -s = C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
@WorksFUDC:\Programmi\Microsoft Works\wkfud.exe = C:\Programmi\Microsoft Works\wkfud.exe
@Microsoft Works PortfolioC:\Programmi\Microsoft Works\WksSb.exe /AllUsers /*file not found*/ = C:\Programmi\Microsoft Works\WksSb.exe /AllUsers /*file not found*/
@Microsoft Works Update DetectionC:\Programmi\Microsoft Works\WkDetect.exe = C:\Programmi\Microsoft Works\WkDetect.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATI Launchpad /*file not found*/ = /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll


GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-21 10:46:01
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc23.yvoreb.vg-ptv-ova-jroznvy.ptv-YRGGREN_VASBEZNGVIN.qbpVQ=Vu0iOH8LAW_eM4ZIijhTMja9agXscubyatFLiw0iz8pAoXRuS9x&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=106&Obql=2&svyranzr=YRGGREN_VASBEZNGVIN.qbp.yax 0x4F 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc1.yvoreb.vg-ptv-ova-jroznvy.ptv-RYRAPB_ZBOVYV_HFNGV.qbpVQ=VmY4XmhUD4GPieEF8YhvawPq0cGj_mLOhosPPcVrb50QKu2rAOdVlc&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=227&Obql=2&svyranzr=RYRAPB_ZBOVYV_HFNGV.qbp.yax 0x84 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc9.yvoreb.vg-ptv-ova-jroznvy.ptv-Pvepbyner_Yrttr_Orefnav.qbpVQ=V0SJZkbUEog8gcKH_WtfyuRo2eAh8krUfMEZNeBrkJ9gNwjLCQxTje&Npg_Ivrj=1&E_Sbyqre=nJ5vo3t=&zftVQ=240&Obql=3&svyranzr=Pvepbyner_Yrttr_Orefnav.qbp.yax 0xE6 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc3.yvoreb.vg-ptv-ova-jroznvy.ptv-Pvepbyner_Yrttr_Orefnav.qbpVQ=VgoVrw_EQcGlsouvZ7rFKGlgRMQthwVE_YCFF5LV8WywxETh9kn4PM&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=240&Obql=3&svyranzr=Pvepbyner_Yrttr_Orefnav.qbp.yax 0xE6 0x02 0x00 0x00 ...

---- EOF - GMER 1.0.12 ----

Posted: Wed Mar 21, 2007 6:22 pm
by Amantide
Otherwise the PC seems to be clean.
Download AGVPFIX and use it to delete this file: C:\WINDOWS\system32\com9.bnz

Posted: Wed Mar 21, 2007 7:47 pm
by kaori
Thanks Amantide, I did as you advised and then ran the scan with Kaspersky again. It looks like com9.bnz is gone, but it still reports 1 virus and 7 suspicious objects!!!! [cry+]

Wednesday, March 21, 2007 6:35:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/03/2007
Kaspersky Anti-Virus database records: 267681


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\utente\IMPOST~1\Temp\

Scan Statistics
Total number of scanned objects 30922
Number of viruses found 1
Number of infected objects 0 / 0
Number of suspicious objects 7
Duration of the scan process 00:28:58

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Acr1FB9.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 4 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 6 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 7 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 8 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DF2667.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DF266C.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DFDD0F.tmp Object is locked skipped

C:\DOCUME~1\utente\IMPOST~1\Temp\~DFDD14.tmp Object is locked skipped

Scan process completed.

Posted: Wed Mar 21, 2007 7:59 pm
by Amantide
Download CCleaner and clean up the temporary files from Safe Mode.

But you only ran the Kaspersky online scan on the critical areas, right? If so, also run a full system scan, or at least a scan of the drive Windows is installed on.

Posted: Thu Mar 22, 2007 12:55 pm
by kaori
Hi Amantide, and thanks again. I ran the cleanup with CCleaner in Safe Mode and then the Kaspersky scan again, this time selecting "My computer". Here is the log:

Thursday, March 22, 2007 11:27:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/03/2007
Kaspersky Anti-Virus database records: 267866


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
O:\
R:\
S:\
T:\

Scan Statistics
Total number of scanned objects 96255
Number of viruses found 1
Number of infected objects 0 / 0
Number of suspicious objects 7
Duration of the scan process 00:55:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Works\Portfolio\Esempio.wsb Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\utente\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Cronologia\History.IE5\MSHist012007032220070323\index.dat Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 4 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 6 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 7 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 8 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\~DFEAAA.tmp Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Temp\~DFEAAF.tmp Object is locked skipped

C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\utente\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\utente\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\utente\UserData\index.dat Object is locked skipped

C:\Programmi\CA\eTrust Antivirus\DB\rtmaster.dbf Object is locked skipped

C:\Programmi\CA\eTrust Antivirus\DB\rtmaster.ntx Object is locked skipped

C:\Programmi\CA\eTrust Antivirus\DB\scanlog.dbf Object is locked skipped

C:\Programmi\CA\eTrust Antivirus\DB\scanlog.ntx Object is locked skipped

C:\Programmi\CA\eTrust Antivirus\DB\SL506cf856-f20a-4a04-8770-67fdb07b210d.dbf Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

S:\orbit-root\linc-345d-0-14e48d01408d Object is locked skipped

S:\orbit-root\linc-d17-0-95def4c249b0 Object is locked skipped

S:\orbit-root\linc-d9e-0-32929f83335d6 Object is locked skipped

S:\orbit-root\linc-de9-0-29143c6174e92 Object is locked skipped

S:\orbit-root\linc-bf1-0-3eff9fa078869 Object is locked skipped

S:\orbit-root\linc-dee-0-c117e615b119 Object is locked skipped

S:\orbit-root\linc-dfb-0-5fba0ea541d4c Object is locked skipped

S:\orbit-root\linc-dff-0-5fba0ea54d913 Object is locked skipped

S:\orbit-root\linc-c3e-0-535d751beea6c Object is locked skipped

S:\orbit-root\linc-e02-0-5fba0ea5a7b5f Object is locked skipped

S:\orbit-root\linc-e06-0-15ec948b92284 Object is locked skipped

S:\orbit-root\linc-c40-0-50da1ece1c8db Object is locked skipped

S:\orbit-root\linc-e55-0-63fc0b316ec4d Object is locked skipped

S:\orbit-root\linc-ec1-0-5e9dd6ac5a4dc Object is locked skipped

S:\orbit-root\linc-e77-0-754cb9c52026f Object is locked skipped

S:\orbit-root\linc-e73-0-754cb9c525c9e Object is locked skipped

S:\orbit-root\linc-c50-0-737c2bd5ecbb Object is locked skipped

S:\orbit-root\linc-e79-0-754cb9c54e034 Object is locked skipped

S:\orbit-root\linc-c54-0-737c2bd5ecbc Object is locked skipped

S:\orbit-root\linc-e7d-0-5a8503ea1cb15 Object is locked skipped

S:\orbit-root\linc-e97-0-65b00308e6dd2 Object is locked skipped

S:\orbit-root\linc-eb1-0-4d5b0f9e48bdb Object is locked skipped

S:\orbit-root\linc-eb5-0-767425b7ac9fe Object is locked skipped

S:\orbit-root\linc-eb7-0-767425b7ae0af Object is locked skipped

S:\orbit-root\linc-eb9-0-767425b7bdad7 Object is locked skipped

S:\orbit-root\linc-ebb-0-767425b7cdb0b Object is locked skipped

S:\orbit-root\linc-ebf-0-86bb14592fee Object is locked skipped

S:\orbit-root\linc-ec8-0-86bb145dc06a Object is locked skipped

S:\orbit-root\linc-ecc-0-7fc6907be113c Object is locked skipped

S:\orbit-root\linc-efa-0-2ef4eb981cfe3 Object is locked skipped

S:\orbit-root\linc-f13-0-6dd03bb5eb0e Object is locked skipped

S:\orbit-root\linc-f17-0-2ef4eb98af6d1 Object is locked skipped

S:\orbit-root\linc-f19-0-2ef4eb98b5c9b Object is locked skipped

S:\orbit-root\linc-f1b-0-2ef4eb98cd68f Object is locked skipped

S:\orbit-root\linc-f1d-0-2ef4eb98eac9c Object is locked skipped

S:\orbit-root\linc-f21-0-41a289c7acbc6 Object is locked skipped

S:\orbit-root\linc-f2a-0-13a25a7620d43 Object is locked skipped

S:\orbit-root\linc-f37-0-62dda83023e61 Object is locked skipped

S:\orbit-root\linc-f50-0-3fc00b9d6951d Object is locked skipped

S:\orbit-root\linc-f54-0-62dda830bf942 Object is locked skipped

S:\orbit-root\linc-f56-0-62dda830c18b9 Object is locked skipped

S:\orbit-root\linc-f58-0-62dda830d9c29 Object is locked skipped

S:\orbit-root\linc-f5a-0-62dda8377e60 Object is locked skipped

S:\orbit-root\linc-f5e-0-743fe14fc9308 Object is locked skipped

S:\orbit-root\linc-f67-0-468b93ea20bed Object is locked skipped

S:\orbit-root\linc-ed5-0-79b2c14d88af1 Object is locked skipped

S:\orbit-root\orb-735697711926897685 Object is locked skipped

S:\orbit-root\linc-11f1-0-463493044f10d Object is locked skipped

S:\orbit-root\linc-11f3-0-463493044f65e Object is locked skipped

S:\orbit-root\linc-11f6-0-46349304a6198 Object is locked skipped

S:\orbit-root\linc-c57-0-737c2bd57e47b Object is locked skipped

S:\orbit-root\linc-c5b-0-181b90c1b388f Object is locked skipped

S:\orbit-root\linc-f22-0-b87f1823a1c1 Object is locked skipped

S:\orbit-root\linc-d5d-0-2b1a34501898 Object is locked skipped

S:\orbit-root\linc-d77-0-2f68601c433e4 Object is locked skipped

S:\orbit-root\linc-d7b-0-2b1a3450855aa Object is locked skipped

S:\orbit-root\linc-d7d-0-2b1a345095bc5 Object is locked skipped

S:\orbit-root\linc-d7f-0-2b1a34509c157 Object is locked skipped

S:\orbit-root\linc-d81-0-2b1a3450b0999 Object is locked skipped

S:\orbit-root\linc-d8e-0-fe28e5316920 Object is locked skipped

S:\orbit-root\linc-d85-0-fe28e533d869 Object is locked skipped

S:\orbit-root\linc-e0f-0-15d77eac303d2 Object is locked skipped

S:\orbit-root\linc-f33-0-b87f182bc303 Object is locked skipped

S:\orbit-root\linc-f2f-0-b87f182c6924 Object is locked skipped

S:\orbit-root\linc-f35-0-b87f182ee766 Object is locked skipped

S:\orbit-root\linc-f39-0-135036f3005f Object is locked skipped

S:\orbit-root\linc-f7c-0-74f8bcf16f066 Object is locked skipped

S:\orbit-root\linc-3435-0-2c3934faa4c98 Object is locked skipped

S:\orbit-root\linc-344f-0-72a8f99942e6d Object is locked skipped

S:\orbit-root\linc-3451-0-7e3f6a738b400 Object is locked skipped

S:\orbit-root\linc-3461-0-354f679893f68 Object is locked skipped

S:\orbit-root\linc-3465-0-354f67989438f Object is locked skipped

S:\orbit-root\linc-3463-0-354f6798e586c Object is locked skipped

S:\orbit-root\linc-3467-0-4758334110a90 Object is locked skipped

S:\orbit-root\linc-346b-0-6b298763b60a1 Object is locked skipped

S:\orbit-root\linc-3472-0-7ee3f11e328d3 Object is locked skipped

S:\.font-unix\fs7100 Object is locked skipped

S:\.iroha_unix\IROHA Object is locked skipped

S:\.fam_socket Object is locked skipped

S:\jd_sockV4 Object is locked skipped

Scan process completed.

Posted: Thu Mar 22, 2007 1:11 pm
by Amantide
C:\Documents and Settings\utente\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis_199[1].zip\hijackthis.log Suspicious: Exploit.HTML.Mht skipped
This file and the others are perhaps flagged as suspicious because the HijackThis log contains some suspicious line that gets interpreted as a dangerous script. Evidently you ran HijackThis directly from the rar archive, which is why the log is in the temporary files. Just delete these files manually and you're all set. [;)]

Posted: Thu Mar 22, 2007 5:50 pm
by kaori
Done! It seems to be going much better now, right? Do I need to do anything else?
I noticed that here, C:\Documents and Settings\utente\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5, there are 6 folders containing a lot of junk, mostly images and ads. I wanted to know whether I can delete them and how. Thanks again.

KASPERSKY ONLINE SCANNER REPORT
Thursday, March 22, 2007 4:12:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/03/2007
Kaspersky Anti-Virus database records: 267899


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
O:\
R:\
S:\
T:\

Scan Statistics
Total number of scanned objects 95809
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 00:46:58

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Works\Portfolio\Esempio.wsb Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

Scan process completed.

Post sent: Thu Mar 22, 2007 6:08 pm
by Amantide
kaori wrote: I noticed that here, C:\Documents and Settings\utente\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5, there are 6 folders containing a lot of junk, mainly images and advertising. I wanted to know whether I can delete them, and how.

Yes, you can delete them by clearing the temporary Internet files. To do that you can use programs such as CCleaner, or go to Internet Options --> General.

Post sent: Thu Mar 22, 2007 6:27 pm
by kaori
I tried both ways, but the files are still there, some of them very old, even from a couple of years ago.

Post sent: Thu Mar 22, 2007 6:38 pm
by Amantide
Try doing it with IE closed and from Safe Mode.

Post sent: Thu Mar 22, 2007 7:06 pm
by kaori
Yesssss..... Gone!!! [applauso+] Now I should have sorted a few things out, and the PC is fast again. I don't know how to thank you, Amantide, and I envy you a lot because I really don't understand anything about this stuff [cry+]