
log hijackthis/log gmer


Post by antonio » Mon Feb 12, 2007 7:15 pm

Guys, can you check this log for me?


Logfile of HijackThis v1.99.1
Scan saved at 16.58.34, on 12/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\D-Tools\daemon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\programmi\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX01.390\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?6313a52a1ffa4e59811c72dbc173822d
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?6313a52a1ffa4e59811c72dbc173822d
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.realsearch.cc
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

Last edited by antonio on Tue Feb 13, 2007 1:47 pm, edited 1 time in total.
antonio
Silver Member
Posts: 1612
Joined: Fri Apr 04, 2003 7:17 pm
Location: Rome and Cosenza

Re: log hijackthis

Post by crazy.cat » Mon Feb 12, 2007 7:56 pm

Delete these lines
antonio wrote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O15 - Trusted Zone: *.realsearch.cc


What problems are you having?
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny masked as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by antonio » Mon Feb 12, 2007 8:01 pm

It's my dad's PC; it's slow right from startup, and every now and then it won't open pages. I'm scanning with a2squared, which so far has found trojan clicker.win32.small.kj... should I delete those lines?


Post by crazy.cat » Mon Feb 12, 2007 8:17 pm

Yes, delete the lines I pointed out.

Keep in mind that Panda is a brick for the PC, almost on Norton's level in terms of heaviness.

Post by Amantide » Mon Feb 12, 2007 8:33 pm

antonio wrote: I'm scanning with a2squared, which so far has found trojan clicker.win32.small.kj... should I delete those lines?

I think it's worth scanning with an anti-rootkit tool as well.
Post the log of the GMER scan of the Autostart and Rootkit sections here.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by antonio » Mon Feb 12, 2007 9:05 pm

OK, I'm restarting the other PC

Post by antonio » Mon Feb 12, 2007 9:18 pm

Stupid question... I don't understand where it saves the scan results.

Post by antonio » Mon Feb 12, 2007 9:35 pm

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-12 20:28:16
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
igfxcui@DLLName = igfxdev.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
BthServ /*Bluetooth Support Service*/@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
hpqwmiex /*hpqwmiex*/@ = C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Programmi\File comuni\LightScribe\LSSrvc.exe"
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\mcrdsvc.exe
MSMQ /*Message Queuing*/@ = C:\WINDOWS\system32\mqsvc.exe
MSMQTriggers /*Message Queuing Triggers*/@ = C:\WINDOWS\system32\mqtgsvc.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
sp_rssrv /*Spyware Terminator Realtime Shield Service*/@ = C:\Programmi\Spyware Terminator\sp_rsser.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SSDPSRV /*SSDP Discovery Service*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@hpWirelessAssistantC:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe = C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@High Definition Audio Property Page ShortcutCHDAudPropShortcut.exe = CHDAudPropShortcut.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@QPService"C:\Programmi\HP\QuickPlay\QPService.exe" = "C:\Programmi\HP\QuickPlay\QPService.exe"
@HP Software UpdateC:\Programmi\Hp\HP Software Update\HPWuSchd2.exe = C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
@QlbCtrl%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/ = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/
@CpqsetC:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe ?@ ? ??L?@ ? ???U? `?@ L?@ = C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe ?@ ? ??L?@ ? ???U? `?@ L?@
@RecGuardC:\Windows\SMINST\RecGuard.exe = C:\Windows\SMINST\RecGuard.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@Zone Labs Client"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
@SpywareTerminator"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Arovax ShieldC:\Programmi\Arovax Shield\ArovaxShield.exe -tray /*file not found*/ = C:\Programmi\Arovax Shield\ArovaxShield.exe -tray /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/c:\WINDOWS\system32\mscoree.dll = c:\WINDOWS\system32\mscoree.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Shell Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E62-B078-11d0-89E4-00C04FC9E26E} /*History Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Context Menu Shell Extension*/(null) =
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2ContMenu@{AB77609F-2178-4E6F-9C4B-44AC179D937A} =
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\Windows Live Toolbar\msntb.dll = C:\Programmi\Windows Live Toolbar\msntb.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=pavilion&pf=laptop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81DAC7D6-FAB3-4463-83A6-1625D66417F5} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress10.1.1.14 = 10.1.1.14
@NameServer10.1.1.1,4.2.2.2 = 10.1.1.1,4.2.2.2
@DefaultGateway10.1.1.1 = 10.1.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = DSLMON.lnk

---- EOF - GMER 1.0.12 ----

Post by antonio » Tue Feb 13, 2007 1:44 pm

I'm also attaching the rootkit log

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-13 04:29:47
Windows 5.1.2600


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateThread

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [ BA, B1, 5F, F9 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 208 804FC720 4 Bytes [ D6, B2, 5F, F9 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 210 804FC728 4 Bytes [ 2A, B4, 5F, F9 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [ B2, B3, 5F, F9 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [ 8A, B5, 5F, F9 ]
.text ...

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] kernel32.dll!WriteProcessMemory 77E41A90 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] kernel32.dll!CreateProcessW 77E41B8A 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] kernel32.dll!WinExec 77E484C6 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] kernel32.dll!OpenProcess 77E506B7 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] kernel32.dll!LoadLibraryExW 77E6049B 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] WS2_32.dll!connect 71A33E5D 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] WS2_32.dll!listen 71A35DE2 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] ADVAPI32.dll!CreateServiceA 77DFBF4B 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] ADVAPI32.dll!CreateServiceA + 4 77DFBF4F 2 Bytes [ 14, 5F ]
.text C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WEBPROXY.EXE[916] ADVAPI32.dll!CreateServiceW 77DFC0C8 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!LdrLoadDll 77F469D2 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!LdrLoadDll + 4 77F469D6 2 Bytes [ 49, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtClose 77F6E543 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtClose + 4 77F6E547 2 Bytes [ 4C, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtCreateFile 77F6E603 1 Byte [ FF ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtCreateFile + 2 77F6E605 1 Byte [ 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtCreateFile + 4 77F6E607 2 Bytes [ 6D, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtCreateKey 77F6E643 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtCreateKey + 4 77F6E647 2 Bytes [ 4F, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteFile 77F6E793 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteFile + 4 77F6E797 2 Bytes [ 70, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteKey 77F6E7A3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteKey + 4 77F6E7A7 2 Bytes [ 52, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteValueKey 77F6E7C3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDeleteValueKey + 4 77F6E7C7 2 Bytes [ 55, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDuplicateObject 77F6E7F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtDuplicateObject + 4 77F6E7F7 2 Bytes [ 58, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtEnumerateKey 77F6E823 6 Bytes JMP 3AF8F05A
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtEnumerateValueKey 77F6E843 6 Bytes PUSH 020834ED; RET
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtOpenFile 77F6EAF3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtOpenFile + 4 77F6EAF7 2 Bytes [ 73, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtQueryMultipleValueKey 77F6EDC3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtQueryMultipleValueKey + 4 77F6EDC7 2 Bytes [ 61, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtQuerySystemInformation 77F6EE83 6 Bytes PUSH 02083650; RET
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtQueryValueKey 77F6EEC3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtQueryValueKey + 4 77F6EEC7 2 Bytes [ 64, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtReadFile 77F6EF23 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtReadFile + 4 77F6EF27 2 Bytes [ 76, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtSetInformationFile 77F6F1B3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtSetInformationFile + 4 77F6F1B7 2 Bytes [ 79, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtSetValueKey 77F6F323 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtSetValueKey + 4 77F6F327 2 Bytes [ 67, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtUnloadKey 77F6F423 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtUnloadKey + 4 77F6F427 2 Bytes [ 6A, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtWriteFile 77F6F4D3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ntdll.dll!NtWriteFile + 4 77F6F4D7 2 Bytes [ 7C, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!TerminateProcess 77E416B4 6 Bytes [ FF, 25, 1E, 00, 34, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!WriteProcessMemory 77E41A90 6 Bytes [ FF, 25, 1E, 00, B7, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateProcessW 77E41B8A 6 Bytes [ FF, 25, 1E, 00, B2, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!WinExec 77E484C6 6 Bytes [ FF, 25, 1E, 00, AC, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CopyFileExW 77E4B350 6 Bytes [ FF, 25, 1E, 00, 3A, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!OpenProcess 77E506B7 6 Bytes [ FF, 25, 1E, 00, BA, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!MoveFileWithProgressW 77E51783 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!MoveFileWithProgressW + 4 77E51787 2 Bytes [ 43, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateFileMappingW 77E576D3 6 Bytes [ FF, 25, 1E, 00, 3D, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateRemoteThread 77E5AA83 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateRemoteThread + 4 77E5AA87 2 Bytes [ 40, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!MapViewOfFileEx 77E5C1BD 6 Bytes [ FF, 25, 1E, 00, 37, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateProcessInternalW 77E5D9F2 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!CreateProcessInternalW + 4 77E5D9F6 2 Bytes [ 46, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] kernel32.dll!LoadLibraryExW 77E6049B 6 Bytes [ FF, 25, 1E, 00, AF, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!DispatchMessageW 77D13DC5 6 Bytes [ FF, 25, 1E, 00, A9, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!TranslateMessage 77D13DD3 6 Bytes [ FF, 25, 1E, 00, 94, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!DispatchMessageA 77D141F2 6 Bytes [ FF, 25, 1E, 00, 91, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!GetKeyState 77D1808B 6 Bytes [ FF, 25, 1E, 00, A0, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!SetWindowsHookExW 77D189C3 6 Bytes [ FF, 25, 1E, 00, A6, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!SetWindowsHookExA 77D18F56 6 Bytes [ FF, 25, 1E, 00, 8B, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!GetAsyncKeyState 77D1932C 6 Bytes [ FF, 25, 1E, 00, 97, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!BeginDeferWindowPos 77D1A394 6 Bytes [ FF, 25, 1E, 00, 8E, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!CreateAcceleratorTableW 77D20D7E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!CreateAcceleratorTableW + 4 77D20D82 2 Bytes [ A3, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!GetKeyboardState 77D2D18C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!GetKeyboardState + 4 77D2D190 2 Bytes [ 9D, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!AttachThreadInput 77D2D3A9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] USER32.dll!AttachThreadInput + 4 77D2D3AD 2 Bytes [ 9A, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!CloseServiceHandle 77DAAB2F 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!OpenServiceW 77DAAC02 6 Bytes [ FF, 25, 1E, 00, 25, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!ControlService 77DB1291 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!StartServiceW 77DB7ED9 6 Bytes [ FF, 25, 1E, 00, 2B, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!OpenServiceA 77DB801B 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!StartServiceA 77DB8075 6 Bytes [ FF, 25, 1E, 00, 28, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!LsaAddAccountRights 77DE44C5 6 Bytes [ FF, 25, 1E, 00, 2E, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!LsaRemoveAccountRights 77DE4543 6 Bytes [ FF, 25, 1E, 00, 31, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77DFBC20 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77DFBD97 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77DFBE75 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77DFBEE0 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!CreateServiceA 77DFBF4B 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!CreateServiceA + 4 77DFBF4F 2 Bytes [ 17, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!CreateServiceW 77DFC0C8 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ADVAPI32.dll!DeleteService 77DFC1B3 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ole32.dll!CoCreateInstanceEx 77191E0C 6 Bytes [ FF, 25, 1E, 00, 88, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ole32.dll!CoGetClassObject 77196C99 6 Bytes [ FF, 25, 1E, 00, 85, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ole32.dll!CLSIDFromProgID 771B71D5 6 Bytes [ FF, 25, 1E, 00, 82, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] ole32.dll!CLSIDFromProgIDEx 771F4007 6 Bytes [ FF, 25, 1E, 00, 7F, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] SHELL32.dll!Shell_NotifyIconW 773E3B3B 6 Bytes [ FF, 25, 1E, 00, C0, 5F ]
.text C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe[1384] SHELL32.dll!Shell_NotifyIcon 773FB69B 6 Bytes [ FF, 25, 1E, 00, BD, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!LdrLoadDll 77F469D2 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!LdrLoadDll + 4 77F469D6 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtClose 77F6E543 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtClose + 4 77F6E547 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtCreateFile 77F6E603 1 Byte [ FF ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtCreateFile + 2 77F6E605 1 Byte [ 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtCreateFile + 4 77F6E607 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtCreateKey 77F6E643 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtCreateKey + 4 77F6E647 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteFile 77F6E793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteFile + 4 77F6E797 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteKey 77F6E7A3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteKey + 4 77F6E7A7 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteValueKey 77F6E7C3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDeleteValueKey + 4 77F6E7C7 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDuplicateObject 77F6E7F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtDuplicateObject + 4 77F6E7F7 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtEnumerateKey 77F6E823 4 Bytes JMP 3AF7875A
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtEnumerateKey + 5 77F6E828 1 Byte [ C3 ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtEnumerateValueKey 77F6E843 4 Bytes [ 68, ED, 34, 9F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtEnumerateValueKey + 5 77F6E848 1 Byte [ C3 ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtOpenFile 77F6EAF3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtOpenFile + 4 77F6EAF7 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQueryMultipleValueKey 77F6EDC3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQueryMultipleValueKey + 4 77F6EDC7 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQuerySystemInformation 77F6EE83 4 Bytes [ 68, 50, 36, 9F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQuerySystemInformation + 5 77F6EE88 1 Byte [ C3 ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQueryValueKey 77F6EEC3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtQueryValueKey + 4 77F6EEC7 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtReadFile 77F6EF23 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtReadFile + 4 77F6EF27 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtSetInformationFile 77F6F1B3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtSetInformationFile + 4 77F6F1B7 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtSetValueKey 77F6F323 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtSetValueKey + 4 77F6F327 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtUnloadKey 77F6F423 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtUnloadKey + 4 77F6F427 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtWriteFile 77F6F4D3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1896] ntdll.dll!NtWriteFile + 4 77F6F4D7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\explorer.exe[1896] kernel32.dll!TerminateProcess 77E416B4 6 Bytes [ FF, 25, 1E, 00, 32, 5F ]
.text C:\WINDOWS\explorer.exe[1896] kernel32.dll!WriteProcessMemory 77E41A90 6 Bytes [ FF, 25, 1E, 00, EF, 5F ]
.text C:\WINDOWS\explorer.exe[1896] kernel32.dll!CreateProcessW
antonio
Silver Member
Posts: 1612
Joined: Fri Apr 04, 2003 7:17 pm
Location: Rome and Cosenza

Post by antonio » Tue Feb 13, 2007 1:47 pm

I also wanted to add that the PC doesn't even have SP2 or updates of any kind.

Post by antonio » Tue Feb 13, 2007 4:08 pm

Sorry, in the meantime would you recommend installing SP2 in these conditions?

Post by Amantide » Tue Feb 13, 2007 4:57 pm

Sorry, but I'm only now getting to read your posts; today is really not the right day.
So, SP2 and the critical updates should be installed in any case.
I'll check the logs now.

The logs are clean; I think A-squared managed to remove the trojan.clicker on its own [;)]
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by antonio » Tue Feb 13, 2007 5:40 pm

Perfect, thanks a lot!!!!
I removed Panda Titanium, installed AntiVir and am installing SP2, then I'll proceed with the other updates. AntiVir has already found 6 viruses... always my favorite!



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising