
Bagle virus


Re: Bagle virus

Post by Amantide » Mon Oct 27, 2008 2:44 pm

See if you can find the Avira log and post it here; maybe it deleted something it shouldn't have.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Bagle virus

Post by kassius68 » Mon Oct 27, 2008 9:07 pm

Here is the Avira log

Avira AntiVir Personal
Report file date: domenica 26 ottobre 2008 21:03

Scanning for 1707541 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CERES200-N8WOTG

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 16:19:56
ANTIVIR3.VDF : 7.0.7.92 192000 Bytes 25/10/2008 19:45:33
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 25/10/2008 16:20:14
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 25/10/2008 16:20:12
AESCN.DLL : 8.1.1.3 123252 Bytes 25/10/2008 16:20:11
AERDL.DLL : 8.1.1.2 438644 Bytes 25/10/2008 16:20:10
AEPACK.DLL : 8.1.2.4 369014 Bytes 25/10/2008 16:20:08
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 25/10/2008 16:20:07
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 25/10/2008 16:20:06
AEHELP.DLL : 8.1.1.2 115062 Bytes 25/10/2008 16:20:03
AEGEN.DLL : 8.1.0.42 319861 Bytes 25/10/2008 16:20:02
AEEMU.DLL : 8.1.0.9 393588 Bytes 25/10/2008 16:20:01
AECORE.DLL : 8.1.2.8 172406 Bytes 25/10/2008 16:20:00
AEBB.DLL : 8.1.0.3 53618 Bytes 25/10/2008 16:19:59
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 25/10/2008 16:19:58
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: domenica 26 ottobre 2008 21:03

Starting search for hidden objects.
'40735' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'TrdLaunch.exe' - '1' Module(s) have been scanned
Scan process 'TrasWord.exe' - '1' Module(s) have been scanned
Scan process 'SpyEraser.exe' - '1' Module(s) have been scanned
Scan process 'RegistryBooster.exe' - '1' Module(s) have been scanned
Scan process 'LowLight.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\avenger\backup.zip
[0] Archive type: ZIP
--> avenger/winfilse.exe
[DETECTION] Is the TR/Dldr.Bagle.adp Trojan
[NOTE] A backup was created as '4967d117.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48c0c1e8.qua' ( QUARANTINE )
C:\Documents and Settings\ceres2001\Desktop\MegaLab.it_A_v_E_n_G_e_R.exe
[DETECTION] Contains recognition pattern of the SPR/Avenger program
[NOTE] A backup was created as '496bd196.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48c704a7.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0055945.exe
[DETECTION] Is the TR/Dldr.Bagle.adp Trojan
[NOTE] A backup was created as '4934d579.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d57a.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0055947.exe
[DETECTION] Is the TR/Dldr.Bagle.adp Trojan
[NOTE] A backup was created as '4934d57b.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d57d.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0056945.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d57f.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800b0.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0056981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d584.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800b5.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0056997.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d585.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800b6.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0056998.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d586.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800b7.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0057982.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d587.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800b8.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0057998.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d589.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800ba.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0057999.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d58a.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800bb.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0058072.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d598.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800a9.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0058187.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5b1.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48980082.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0059072.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5bb.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4898008c.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0059074.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e18424.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5bc.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0059092.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5be.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4898008f.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0059093.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e18427.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5a0.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0060092.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5c2.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800f3.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP144\A0060093.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5c3.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800f4.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060190.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d5d8.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5d9.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060194.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e18442.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800ea.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060196.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5db.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800ec.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060204.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d5dd.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5de.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060207.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5df.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d0.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060208.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5e0.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d1.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060219.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5e2.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d3.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060223.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5e4.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d5.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060229.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5e6.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d7.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060230.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5e7.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489800d8.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060231.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5e8.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00d9.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0060249.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5ec.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00dd.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061249.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5ef.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00c0.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061256.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d5f1.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5f2.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061259.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5f3.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00c4.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061260.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5f4.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00c5.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061261.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5f5.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00c6.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061264.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d5f7.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d5f8.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061270.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d5fa.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b00cb.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061286.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d601.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0332.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP152\A0061304.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d612.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d615.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP155\A0061457.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d630.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0301.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP155\A0061468.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d631.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0302.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0062457.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d635.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0306.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0062468.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d636.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0307.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0062469.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d637.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0308.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0062477.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d638.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0309.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0062488.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d63a.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b030b.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0063478.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d63d.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b030e.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0063489.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d63e.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d63f.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0063490.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e187d8.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d640.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0063499.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d641.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0372.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0063523.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d643.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0374.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064543.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d645.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0376.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064554.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d646.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d647.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064555.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e187d0.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0378.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064566.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d648.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d649.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064569.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d64a.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b037b.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064576.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d64b.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b037c.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064577.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d64d.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b037e.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064578.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d64e.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b037f.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064583.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d64f.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0360.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064585.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d650.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d651.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064587.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e187ca.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0362.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064591.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d652.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d653.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064594.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e187cc.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '489b0364.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064599.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d654.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d655.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064600.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '48e187ce.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d656.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064603.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '48e187cf.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d657.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064632.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d659.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d65a.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064649.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] A backup was created as '4934d65c.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4884036d.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064652.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d65d.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4884036e.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064653.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d65e.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4884036f.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064655.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d65f.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48840350.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064656.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d660.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48840351.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064657.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] A backup was created as '4934d661.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48840352.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064658.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d662.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48840353.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064837.dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] A backup was created as '4934d674.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4934d675.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP157\A0064884.EXE
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4934d67d.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4884034e.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP157\A0064900.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] A backup was created as '4934d680.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403b1.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP157\A0064907.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] A backup was created as '4934d681.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403b2.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP158\A0065023.exe
[DETECTION] Is the TR/Dldr.Bagle.adp Trojan
[NOTE] A backup was created as '4934d690.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403a1.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP159\A0065033.exe
[DETECTION] Is the TR/Agent.65536.W Trojan
[NOTE] A backup was created as '4934d693.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403a4.qua' ( QUARANTINE )
C:\WINDOWS\NIRCMD.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] A backup was created as '4956d6c2.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48fdc633.qua' ( QUARANTINE )


End of the scan: domenica 26 ottobre 2008 22:27
Used time: 1:25:41 Hour(s)

The scan has been done completely.

2818 Scanning directories
110192 Files were scanned
83 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
166 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
110107 Files not concerned
844 Archives were scanned
2 Warnings
83 Notes
40735 Objects were scanned with rootkit scan
0 Hidden objects were found
kassius68
Aficionado
Posts: 36
Joined: Wed Oct 31, 2007 6:19 pm

Re: virus bagle

Post by Amantide » Mon Oct 27, 2008 11:07 pm

Here is the Avira log

Nothing significant, I'd say: apart from one file and the Avenger backup folder, it only removed the infected restore points.

It's strange though; before running the Avira scan it seems you were saying the PC was stable [uhm]
...to fly high, you have to know how to fall...
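The reading of the report given in the post above, restore-point copies versus files on the live file system, can be reproduced mechanically. This Python example is added here and is not part of the original thread; the sample is constructed from five objects of the quoted report, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: five objects copied from the report quoted in the thread,
# in the same layout (path line, [DETECTION] line, [NOTE] lines).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP156\A0064658.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] A backup was created as '4934d662.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48840353.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP157\A0064884.EXE
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4934d67d.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4884034e.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP157\A0064900.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
[NOTE] A backup was created as '4934d680.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403b1.qua' ( QUARANTINE )
C:\System Volume Information\_restore{A38A8BE0-CDCA-47AD-894F-D78A563AE05E}\RP158\A0065023.exe
[DETECTION] Is the TR/Dldr.Bagle.adp Trojan
[NOTE] A backup was created as '4934d690.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '488403a1.qua' ( QUARANTINE )
C:\WINDOWS\NIRCMD.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] A backup was created as '4956d6c2.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '48fdc633.qua' ( QUARANTINE )
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)
BACKUP_RE = re.compile(r"^\[NOTE\] A backup was created as '([0-9a-f]+\.qua)'", re.I)


def parse_objects(report):
    """Return one dict per reported object: path, detection name, quarantine backups."""
    objects, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = {"path": line, "detection": None, "backups": []}
            objects.append(current)
        elif current is not None:
            m = DETECTION_RE.match(line)
            if m:
                current["detection"] = m.group(1)
                continue
            m = BACKUP_RE.match(line)
            if m:
                current["backups"].append(m.group(1))
    return objects


def triage(report):
    """Split detections into System Restore copies and files on the live file system."""
    result = {"live": [], "restore_points": defaultdict(list),
              "by_prefix": Counter(), "quarantine_files": 0}
    for obj in parse_objects(report):
        if obj["detection"] is None:
            continue  # a path line that carries no verdict
        result["by_prefix"][obj["detection"].split("/", 1)[0]] += 1
        result["quarantine_files"] += len(obj["backups"])
        m = RESTORE_RE.search(obj["path"])
        if m:
            result["restore_points"]["RP" + m.group(1)].append(obj["detection"])
        else:
            result["live"].append((obj["path"], obj["detection"]))
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("live file system:", r["live"])
    for rp, names in sorted(r["restore_points"].items()):
        print(rp, names)
    print("by prefix:", dict(r["by_prefix"]),
          "| quarantine files:", r["quarantine_files"])
```

On the sample, only C:\WINDOWS\NIRCMD.exe falls outside System Restore, and each object carries two quarantine backups, the same 2:1 ratio as the report's totals (83 found, 166 moved to quarantine).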


Re: virus bagle

Post by kassius68 » Tue Oct 28, 2008 9:00 am

Good morning. First of all, since I removed the viruses the PC runs much better. My problem is with opening Explorer: it launches the page but keeps it blank on the desktop for quite a while and then loads it, whereas if I go to Start and open any folder it opens right away. Now I don't know whether the delay in opening Explorer is also due to Avira [uhm] maybe I should run OneCare, what do you think?

Re: virus bagle

Post by Amantide » Tue Oct 28, 2008 12:28 pm

kassius68 wrote:I don't know whether the delay in opening Explorer is also due to Avira [uhm] maybe I should run OneCare, what do you think?

Could be [uhm]
Can you post the HijackThis log so I can see whether there is some program that Avira conflicts with?
...to fly high, you have to know how to fall...

Re: virus bagle

Post by kassius68 » Tue Oct 28, 2008 2:22 pm

Hi, here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.14.50, on 28/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
C:\Programmi\IdiomaX\Translation Suite 5.0\TrasWord.exe
C:\Programmi\IdiomaX\Translation Suite 5.0\TrdLaunch.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmi\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\ceres2001\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barra degli Strumenti di IdiomaX - {477A7A3C-8B11-4B02-ADD1-7A01C4D00FA2} - C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [IdiomaX Office] C:\Programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe
O4 - HKLM\..\Run: [IdiomaX Product Update] C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistente di Traduzione IdiomaX.lnk = C:\Programmi\IdiomaX\Translation Suite 5.0\TrasWord.exe
O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe
O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe
O4 - Global Startup: Traduttore di E-Mail IdiomaX.lnk = C:\Programmi\IdiomaX\Translation Suite 5.0\TrdLaunch.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Mostra/Nascondi Barra di Traduzione - {FE768A8F-9F88-4511-B28B-552ED2F6B500} - C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\TrdIEAddIn.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A20DDAEA-A14A-4E6F-9F63-1477CF88DB28}: NameServer = 85.37.17.49,85.38.28.91
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6905 bytes

Re: virus bagle

Post by Amantide » Tue Oct 28, 2008 2:54 pm

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


But didn't you uninstall Avast before installing Avira? [uhm]
...to fly high, you have to know how to fall...
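The check made in the post above, spotting an avast! Run entry on a machine where Avira is running, applied to the whole log as an added Python example (not part of the original thread). The sample is constructed from lines of the posted HijackThis log; the keyword table and function names are assumptions for illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the thread, shortened.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe
O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# Assumption: a small illustrative keyword table, not a complete product list.
# "alwil" also catches the 8.3 short directory name ALWILS~1.
AV_KEYWORDS = {
    "Avira": ("avira",),
    "avast!": ("avast", "alwil"),
    "BitDefender": ("bitdefender", "softwin"),
}

ENTRY_RE = re.compile(r"^(O4|O23) - (.+)$")          # autostart and service entries
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)


def products_in(text):
    """Names of the antivirus products whose keywords occur in a log line."""
    low = text.lower()
    return {name for name, words in AV_KEYWORDS.items()
            if any(w in low for w in words)}


def av_footprint(log):
    """Map each antivirus product to its autostart entries and running processes."""
    seen = {name: {"autostart": [], "running": []} for name in AV_KEYWORDS}
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes and PROCESS_RE.match(line):
            for name in products_in(line):
                seen[name]["running"].append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                for name in products_in(m.group(2)):
                    seen[name]["autostart"].append(line)
    return seen


def classify(log):
    """Return (active, leftover): products with a running process vs autostart only."""
    active, leftover = [], []
    for name, hits in sorted(av_footprint(log).items()):
        if hits["running"]:
            active.append(name)
        elif hits["autostart"]:
            leftover.append(name)
    return active, leftover


if __name__ == "__main__":
    active, leftover = classify(SAMPLE_LOG)
    print("running:", active)
    print("autostart only:", leftover)
```

A product listed as autostart-only has registry or Startup-folder remnants but no process in HijackThis's list; that list covers user-mode processes only, so it does not show whether one of the product's drivers is still loaded.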

Re: virus bagle

Post by kassius68 » Tue Oct 28, 2008 3:36 pm

ehmmm ..... no [fischio] since the virus had disabled it

Re: virus bagle

Post by Amantide » Tue Oct 28, 2008 4:38 pm

kassius68 wrote:ehmmm ..... no [fischio] since the virus had disabled it

Yes, but not completely. Something has remained active in memory all along.
In the meantime uninstall it and do some cleaning up with CCleaner, then see whether the browser freezing and slowness get resolved too.
...to fly high, you have to know how to fall...

Re: virus bagle

Post by kassius68 » Tue Oct 28, 2008 9:51 pm

I did the cleanup with CCleaner but it is still slow and freezes [;)] some of the icons next to the clock sometimes turn black, maybe the time has come to format?? [uhm]

Re: virus bagle

Post by Amantide » Tue Oct 28, 2008 9:57 pm

But did you uninstall Avast first?

Also download Gmer, extract the archive to the desktop and run the file gmer.exe. Go to the Autostart tab, tick Show all and click Scan. When the scan has finished, click Copy and paste the result into Notepad or directly here. Repeat the operation for the Rootkit tab as well.
...to fly high, you have to know how to fall...

Re: virus bagle

Post by kassius68 » Wed Oct 29, 2008 9:03 am

Hi, good morning, here is the log of the first one

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-10-28 22:26:43
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe"
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemRoot%\System32\svchost.exe -k netsvcs
WudfSvc@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LogitechGalleryRepairC:\Programmi\Logitech\ImageStudio\ISStart.exe = C:\Programmi\Logitech\ImageStudio\ISStart.exe
@LogitechImageStudioTrayC:\Programmi\Logitech\ImageStudio\LogiTray.exe = C:\Programmi\Logitech\ImageStudio\LogiTray.exe
@IdiomaX OfficeC:\Programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe = C:\Programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe
@IdiomaX Product UpdateC:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART /*file not found*/ = C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART /*file not found*/
@Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@avgnt"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@msnmsgr"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background = "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
@Uniblue RegistryBooster 2C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S /*file not found*/ = C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S /*file not found*/
@Uniblue SpyEraser"C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m = "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B446400D-0030-457b-8F64-422A19605186} /*Logitech Gallery*/C:\Programmi\Logitech\ImageStudio\NameSpc.dll = C:\Programmi\Logitech\ImageStudio\NameSpc.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/(null) =
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/(null) =
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/(null) =
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/(null) =
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@(null) =
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{bd0e4d83-654e-4213-965b-fcbe887061f4}C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll = C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll /*file not found*/ = C:\Programmi\Java\jre6\bin\jp2ssv.dll /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.libero.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A20DDAEA-A14A-4E6F-9F63-1477CF88DB28} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.65 = 192.168.1.65
@NameServer85.37.17.49,85.38.28.91 = 85.37.17.49,85.38.28.91
@DefaultGateway192.168.1.254 = 192.168.1.254
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Assistente di Traduzione IdiomaX.lnk = Assistente di Traduzione IdiomaX.lnk
BitDefender for MSN Messenger.lnk = BitDefender for MSN Messenger.lnk
BitDefender_P2P_Startup.lnk = BitDefender_P2P_Startup.lnk
Traduttore di E-Mail IdiomaX.lnk = Traduttore di E-Mail IdiomaX.lnk

---- EOF - GMER 1.0.14 ----


This is the second one, the rootkit one

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-29 02:23:57
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F8911C54 ZwCreateThread
SSDT F8911C40 ZwOpenProcess
SSDT F8911C45 ZwOpenThread
SSDT F8911C4F ZwTerminateProcess
SSDT F8911C4A ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Windows Live\Messenger\msnmsgr.exe[356] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Re: virus bagle

Post by kassius68 » Wed Oct 29, 2008 9:48 am

Anyway, this morning the PC looks different to me, but I don't want to celebrate too soon. You know, a little while ago Avira detected another virus [acc2] that was on the desktop, the Avenger log, but it put it in quarantine [cry]. These viruses are popping up like mushrooms here [applauso+]. Well, let's hope that the cleanup we did yesterday, or what you had me do afterwards, has solved the problem..... I'll keep you updated, bye [^]

Re: virus bagle

Post by Amantide » Wed Oct 29, 2008 10:38 am

kassius68 wrote: a little while ago Avira detected another virus [acc2] that was on the desktop, the Avenger log, but it put it in quarantine [cry]. These viruses are popping up like mushrooms here

Don't worry, it will have quarantined the backup folder that Avenger creates when it removes the files. Even though they were no longer active, for Avira they were still files containing malicious code [;)]
The Gmer logs are clean [^]

Re: virus bagle

Post by kassius68 » Wed Oct 29, 2008 9:30 pm

Now the PC works fine, it doesn't freeze anymore [applauso+] Thank you for everything you did [^]

Re: virus bagle

Post by Amantide » Wed Oct 29, 2008 10:03 pm

You're welcome [^]

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising