Punto informatico Network

Article on the Beagle worm: my case

Has a virus gotten into your computer? Do you want to browse in complete safety? Are online transactions secure? How do you keep attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.


Post by noop » Wed Sep 12, 2007 12:07 pm

Good morning everyone! I had been thinking about joining the forum for a while, and now that necessity forces me to, I have done it. I read the article on how to defeat the Bagle worm and decided to contact you to have the GMER log analyzed by the experts, as the article itself recommends.

Here is my situation. The PC, running Win 2000, caught the Bagle worm yesterday, I am sure of it (I don't know how, maybe it's the family's fault...), and on restarting and powering back on it gave a blue-screen error about the driver srosa.sys. I tried safe mode but nothing, so as a last hope I pressed F8 and chose the option "Last Known Good Configuration". Luckily Windows started perfectly, completely normal, nothing strange except... Kaspersky, which started but reported the presence of a rootkit (hidr.exe). I put it in quarantine. Then Kaspersky had some problems starting the web and mail protection services, but the antivirus itself was working perfectly... the old (new, version 7!) Kasper wasn't giving up. So I searched the internet and ended up here. Then I rebooted a few more times and Kaspersky reported other rootkit processes and blocked them (flec006.exe etc...). I wanted to carry out the removal plan described by MegaLab, but it was evening so I went to bed (what nightmares!). Today, powering it on with F8 and Last Known Good Configuration, everything started perfectly, Kaspersky too. So I think it has almost completely eradicated the rootkit, but there may be traces left, perhaps among the services.


The autostart log:


GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-09-12 12:57:43
Windows 5.0.2195 Service Pack 4


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINNT\system32\userinit.exe, = C:\WINNT\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
klogon@DLLName = C:\WINNT\system32\klogon.dll
netevent32@DLLName = netevent32.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
wzcnotif@DLLName = wzcdlg.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Anti-Virus 7.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r
Browser /*Browser di computer*/@ = %SystemRoot%\system32\services.exe
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\services.exe
dmserver /*Gestione disco logico*/@ = %SystemRoot%\System32\services.exe
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\services.exe
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
lanmanserver /*Server*/@ = %SystemRoot%\system32\services.exe
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\services.exe
LmHosts /*Servizio guida TCP/IP NetBIOS*/@ = %SystemRoot%\system32\services.exe
Messenger /*Messenger*/@ = %SystemRoot%\system32\services.exe
NtmsSvc /*Gestione archivi rimovibili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Agente criteri IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\services.exe
RemoteRegistry /*Servizio Registro di sistema remoto*/@ = %SystemRoot%\system32\regsvc.exe
RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "C:\Programmi\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????? ??????????????
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione protezione account*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\system32\MSTask.exe
seclogon /*Servizio RunAs*/@ = %SystemRoot%\system32\services.exe
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\services.exe
UPHClean /*User Profile Hive Cleanup*/@ = C:\Programmi\UPHClean\uphclean.exe
WinMgmt /*Strumentazione gestione Windows*/@ = %SystemRoot%\System32\WBEM\WinMgmt.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@LanguageShortcutC:\Programmi\CyberLink\PowerDVD\Language\Language.exe = C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
@AVP"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RocketDock"C:\Programmi\RocketDock\RocketDock.exe" = "C:\Programmi\RocketDock\RocketDock.exe"
@UberIcon"C:\Programmi\UberIcon\UberIcon Manager.exe" = "C:\Programmi\UberIcon\UberIcon Manager.exe"
@SkinClockC:\Programmi\Clock Tray Skins\ClockTraySkins.exe = C:\Programmi\Clock Tray Skins\ClockTraySkins.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@Network.ConnectionTrayC:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTraystobject.dll = stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINNT\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/C:\WINNT\system32\plustab.dll = C:\WINNT\system32\plustab.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/ /*file not found*/ = /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINNT\system32\hticons.dll = C:\WINNT\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINNT\system32\wshext.dll = C:\WINNT\system32\wshext.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Rete e connessioni remote*/C:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINNT\system32\mstask.dll = C:\WINNT\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINNT\system32\mstask.dll = C:\WINNT\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINNT\system32\mstask.dll = C:\WINNT\system32\mstask.dll
@{1A9BA3A0-143A-11CF-8350-444553540000} /*Cartella Preferiti*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{20D04FE0-3AEA-1069-A2D8-08002B30309D} /*Risorse del computer*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{86747AC0-42A0-1069-A2E6-08002B30309D} /*Cartella Sincronia file*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{0AFACED1-E828-11D1-9187-B532F1E9575D} /*Collegamento alla cartella*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{12518493-00B2-11d2-9FA5-9E3420524153} /*Volume installato*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{21B22460-3AEA-1069-A2DC-08002B30309D} /*Estensione pagina proprietà file*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{B091E540-83E3-11CF-A713-0020AFD79762} /*Pagina tipi di file*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{FBF23B41-E3F0-101B-8488-00AA003E56F8} /*Hook di tipi di file MIME*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{C2FBB630-2971-11d1-A18C-00C04FD75D13} /*Servizio CopyTo Microsoft*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{C2FBB631-2971-11d1-A18C-00C04FD75D13} /*Microsoft MoveTo Service*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{13709620-C279-11CE-A49E-444553540000} /*Servizio automazione della shell*/C:\WINNT\system32\Shell32.dll = C:\WINNT\system32\Shell32.dll
@{62112AA1-EBE4-11cf-A5FB-0020AFE7292D} /*Shell Automation Folder View*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{4622AD11-FF23-11d0-8D34-00A0C90F2719} /*Menu Avvio*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{7BA4C740-9E81-11CF-99D3-00AA004AE837} /*Microsoft SendTo Service*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{D969A300-E7FF-11d0-A93B-00A0C90F2719} /*Microsoft New Object Service*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{09799AFB-AD67-11d1-ABCD-00C04FC30936} /*Apri con gestore menu di scelta rapida*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{3FC0B520-68A9-11D0-8D77-00C04FD70822} /*Mostra estensioni HTML del Pannello di controllo*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{75048700-EF1F-11D0-9888-006097DEACF9} /*ActiveDesktop*/C:\WINNT\system32\Shell32.dll = C:\WINNT\system32\Shell32.dll
@{6D5313C0-8C62-11D1-B2CD-006097DF8C11} /*Estensione pagina proprietà Opzioni cartella*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{57651662-CE3E-11D0-8D77-00C04FC99D61} /*CmdFileIcon*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{4657278A-411B-11d2-839A-00C04FD918D0} /*Helper trascinamento selezione Shell*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{A470F8CF-A1E8-4f65-8335-227475AA5C46} /*Aggiungere l'elemento di crittografia al menu di scelta rapida in Esplora risorse*/%SystemRoot%\system32\Shell32.dll = %SystemRoot%\system32\Shell32.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{568804CA-CBD7-11d0-9816-00C04FD91972} /*Menu Shell Folder*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{5b4dae26-b807-11d0-9815-00c04fd91972} /*Menu Band*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{8278F931-2A3E-11d2-838F-00C04FD918D0} /*Tracking Shell Menu*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{E13EF4E4-D2F2-11d0-9816-00C04FD91972} /*Menu Site*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{ECD4FC4F-521C-11D0-B792-00A0C90312E1} /*Menu Desk Bar*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{D82BE2B0-5764-11D0-A96E-00C04FD705A2} /*IShellFolderBand*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{0E5CBF21-D15F-11d0-8301-00AA005B4383} /*Co&llegamenti*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{7487cd30-f71a-11d0-9ea7-00805f714772} /*Immagine di anteprima*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\system32\sendmail.dll = C:\WINNT\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\system32\sendmail.dll = C:\WINNT\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\system32\thumbvw.dll = C:\WINNT\system32\thumbvw.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8C-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/dsquery.dll = dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/dsquery.dll = dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/dsquery.dll = dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/dsuiext.dll = dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/dsuiext.dll = dsuiext.dll
@{450D8FBA-AD25-11D0-98A8-0800361B1103} /*MyDocs Folder*/mydocs.dll = mydocs.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/mydocs.dll = mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/mydocs.dll = mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/mydocs.dll = mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Menu file non in linea*/cscui.dll = cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Opzioni cartella File non in linea*/cscui.dll = cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/cscui.dll = cscui.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/mmcshext.dll = mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\OLE DB\oledb32.dll = C:\Programmi\File comuni\System\OLE DB\oledb32.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\BROWSEUI.DLL = %SystemRoot%\System32\BROWSEUI.DLL
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\SHDOCVW.DLL = %SystemRoot%\System32\SHDOCVW.DLL
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{6C6BA5E0-1277-11D5-8DC4-444553540000} /*4th split file property sheet*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} /*The Core Media Player Shell Extension*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll
@{08267B21-223F-11d3-ACD4-004F4902B913} /*Desktop Architect*/C:\Programmi\Desktop Architect\dadesk.dll = C:\Programmi\Desktop Architect\dadesk.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll
@{611AD258-4138-4348-A534-9856FA6BA398} /*IconPackager Icon Handler*/C:\Programmi\Stardock\Object Desktop\IconPackager\shellext.dll = C:\Programmi\Stardock\Object Desktop\IconPackager\shellext.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\Shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\Shell32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} =
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\Shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINNT\system32\urlmon.dll
deflate@CLSID = C:\WINNT\system32\urlmon.dll
gzip@CLSID = C:\WINNT\system32\urlmon.dll
lzdhtml@CLSID = C:\WINNT\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\Shell32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\MSHTML.DLL
cdl@CLSID = C:\WINNT\system32\urlmon.dll
file@CLSID = C:\WINNT\system32\urlmon.dll
ftp@CLSID = C:\WINNT\system32\urlmon.dll
gopher@CLSID = C:\WINNT\system32\urlmon.dll
http@CLSID = C:\WINNT\system32\urlmon.dll
https@CLSID = C:\WINNT\system32\urlmon.dll
its@CLSID = C:\WINNT\system32\itss.dll
javascript@CLSID = %SystemRoot%\System32\MSHTML.DLL
local@CLSID = C:\WINNT\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\MSHTML.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINNT\system32\urlmon.dll
ms-its@CLSID = C:\WINNT\system32\itss.dll
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\System32\MSHTML.DLL
sysimage@CLSID = %SystemRoot%\System32\MSHTML.DLL
vbscript@CLSID = %SystemRoot%\System32\MSHTML.DLL
vnd.ms.radio@CLSID = C:\WINNT\system32\msdxm.ocx

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FEB01DE5-CD5A-4681-9BB5-F9F757724396} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.34 = 192.168.1.34
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
AntiCrash.lnk = AntiCrash.lnk
Collegamento a lwdkernel.lnk = Collegamento a lwdkernel.lnk
Hare.lnk = Hare.lnk
MemTurbo.lnk = MemTurbo.lnk
Zoom.lnk = Zoom.lnk

---- EOF - GMER 1.0.13 ----


I can't copy the services one (there's no button), but I noticed


srosa SYSTEM etc...drivers/srosa.sys description:Megadrv3

That's the damned one, right?


I know it's a mess, but please take a look at it.
Last edited by noop on Wed Sep 12, 2007 12:18 pm; edited 1 time in total.

Post by crazy.cat » Wed Sep 12, 2007 12:17 pm

Did you use the Avenger script that you can find here?
http://www.MegaLab.it/forum/viewtopic.php?t=34010

Run a full disk scan with Kaspersky, because Bagle scatters some infected files around the PC.

Post by noop » Wed Sep 12, 2007 12:29 pm

I'll do it now, then I'll post it here.

PS: anyway, I edited the initial post, leaving only the autostart log as recommended.

So, Kaspersky didn't report anything. Anyway, I ran Avenger with all the possible scripts that were posted, then I ran elibagle (a program for removing Bagle specifically) and it restored the safe boot keys deleted by the virus. I did another scan in safe mode with Kaspersky and everything is OK!

Thanks for the suggestion, I finished successfully [applause]
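For readers triaging a GMER autostart log like the one posted in this thread, the following added example (not part of the original posts, and not GMER's or MegaLab's own code) parses the three line shapes visible in that log and flags entries whose file name matches one the posts mention. The layout rules are inferred only from the log on this page, and the `Run` entry and its path in the sample are constructed.

```python
# File names the posts in this thread tie to the infection.
WATCHED = ("srosa.sys", "hidr.exe", "flec006.exe")

# Constructed sample in the layout of the GMER autostart log posted above.
# The Run entry and its path are invented for the demonstration.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@examplec:\example\hidr.exe = c:\example\hidr.exe

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
Hare.lnk = Hare.lnk

---- EOF - GMER 1.0.13 ----
"""

def parse_gmer_autostart(text):
    """Return (section, name, data) tuples from a GMER autostart log."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            section = None               # blank line or EOF marker ends a section
            continue
        if line.endswith(">>>"):         # "key >>>" opens a multi-entry section
            section = line[:-3].strip()
            continue
        name, sep, data = line.partition(" = ")
        if not sep:                      # empty value, e.g. "...@Domain ="
            name = line.rstrip(" =")
        if section is None:              # single-line form: key@value = data
            key, _, name = name.rpartition("@")
            entries.append((key, name, data))
        else:                            # GMER fuses value name and data in the name
            entries.append((section, name.lstrip("@"), data))
    return entries

def flag_entries(entries, names=WATCHED):
    """Return entries whose name or data has a watched file name as its base name."""
    hits = []
    for entry in entries:
        bases = {f.lower().replace("/", "\\").rsplit("\\", 1)[-1] for f in entry[1:]}
        if bases & set(names):
            hits.append(entry)
    return hits
```

A hit only marks an entry for closer inspection; the comparison is on the exact base name, so a renamed file will not match.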



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising