Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Virus chiude il browser cercando antivirus

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Virus chiude il browser cercando antivirus

Messaggioda Blueice » mar gen 23, 2007 7:08 pm

Buonasera a tutti sono nuovo ed è la prima volta che scrivo qui pur essendo un assiduo Vostro lettore.

Il problema che ho è questo: un virus mi chiude IE o anche FF ogni volta che scrivo il nome di un antivirus tipo "Avenger"

1. Ho già provato un po' tutti i piu' noti antivirus e "Cwshredder" ha rilevato Cw.Jksearch ... , ma nessuno lo elimina
2. Ho XP SP2

Come faccio?

Grazie delle risposte

p.s.: spero di essere nel post giusto avendo cercato, ma non trovato altre discussioni simili [cry]
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera

Messaggioda Amantide » mar gen 23, 2007 7:41 pm

Ciao e benvenuto [:)]
Fal la scansione con Gmer delle sezioni Autostart e Rootkit, spuntando prima Show all, e posta qui i log delle scansioni.
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » mar gen 23, 2007 7:46 pm

Grazie della rapidità Amantide

Ho scaricato - quasi disperato - Trend Micro Anti-Spyware la versione "Evaluation" e il problema sembra risolto avendo trovato ed eliminato 2 ad-aware (non ho fatto in tempo a vedere talmente è stato veloce)

Provo comunque a scaricare Gmer ed a postare il log :-)


Ecco il log di Autostart

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-23 18:49:19
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * SsiEfr.e /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@Userinitc:\windows\system32\userinit.exe,"c:\windows\ibmnet.exe","c:\windows\inteltop.exe","c:\windows\fujitsuchecker.exe", = c:\windows\system32\userinit.exe,"c:\windows\ibmnet.exe","c:\windows\inteltop.exe","c:\windows\fujitsuchecker.exe",
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
igfxcui@DLLName = igfxdev.dll
NavLogon@DLLName = C:\WINDOWS\system32\NavLogon.dll
partnershipreg@DLLName = C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll
WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt3.dyq

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Explorateur d'ordinateur*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CobBackup7 /*Cobian Backup 7 service*/@ = C:\Program Files\Cobian Backup 7\cbs.exe
CryptSvc /*Services de cryptographie*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Lanceur de processus serveur DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
DefWatch /*DefWatch*/@ = "C:\Program Files\NavNT\defwatch.exe"
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Gestionnaire de disque logique*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Service de rapport d'erreurs*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Journal des événements*/@ = %SystemRoot%\system32\services.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
helpsvc /*Aide et support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Serveur*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Station de travail*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Assistance TCP/IP NetBIOS*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
Norton AntiVirus Server /*Norton AntiVirus Client*/@ = "C:\Program Files\NavNT\rtvscan.exe"
PlugPlay /*Plug-and-Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Services IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Emplacement protégé*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Accès à distance au Registre*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*Appel de procédure distante (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestionnaire de comptes de sécurité*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Planificateur de tâches*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Connexion secondaire*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notification d'événement système*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Détection matériel noyau*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spouleur d'impression*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Service de restauration système*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SrvGbw /*SrvGbw*/@ = "C:\Program Files\Fichiers communs\System\IGxJ.exe" /*file not found*/
stisvc /*Acquisition d'image Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
SysEnforce /*SysEnforce*/@ = C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
Themes /*Thèmes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Client de suivi de lien distribué*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Horloge Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Infrastructure de gestion Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv /*Mises à jour automatiques*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Configuration automatique sans fil*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HP Software Update"C:\Program Files\hp\HP Software Update\HPWuSchd2.exe" = "C:\Program Files\hp\HP Software Update\HPWuSchd2.exe"
@ToolBoxFX"C:\Program Files\hp\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on = "C:\Program Files\hp\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
@ /*file not found*/ = /*file not found*/
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@TkBellExe"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
@NWEReboot /*file not found*/ = /*file not found*/
@vptrayC:\Program Files\NavNT\vptray.exe /*file not found*/ = C:\Program Files\NavNT\vptray.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run >>>
@ibmnet"c:\windows\ibmnet.exe" = "c:\windows\ibmnet.exe"
@inteltop"c:\windows\inteltop.exe" /*file not found*/ = "c:\windows\inteltop.exe" /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8A5849C4-93F3-429D-FF34-660A2068897C}(null) =

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Feuille de propriétés du fichier multimédia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestion de scanneur ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Page de sécurité NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Page des propriétés de OLE DocFile*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Extensions de l'environnement pour le partage*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Carte du Panneau de configuration*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Écran du Panneau de configuration*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Page de sécurité DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Page de compatibilité*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestionnaire de données endommagées de l'environnement*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Extension copie de disquette*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Extensions de l'environnement pour les objets réseau de Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestion d'écran ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestion d'imprimante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Extensions de l'environnement de compression de fichiers*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Extension de l'environnement d'imprimante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu contextuel de cryptage*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Porte-documents*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Extension icône HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profil ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Page de sécurité des imprimantes*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Extensions de l'environnement pour le partage*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Extension de cryptographie PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Extension de cryptographie Sign*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connexions réseau*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connexions réseau*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*&Scanneurs et appareils photo*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*&Scanneurs et appareils photo*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*&Scanneurs et appareils photo*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*&Scanneurs et appareils photo*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*&Scanneurs et appareils photo*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Liaison de données Microsoft*/C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll = C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Tâches planifiées*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barre des tâches et menu Démarrer*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Rechercher*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Aide et support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Aide et support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Exécuter...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Courrier électronique*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Polices*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Outils d'administration*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Page de propriétés des versions précédentes*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versions précédentes*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barre d'outils Internet Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*État du téléchargement*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Dossier Bureau étendu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Dossier du shell augmenté*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Bande du navigateur Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Bande de recherche*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Volet intégré de recherche*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Recherche Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilitaire des options de l'arborescence du Registre*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Adresse*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Boîte d'entrée de l'adresse*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Saisie semi-automatique Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Liste de saisie semi-automatique MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Liste de saisie semi-automatique personnalisée MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Barre de progrès auto-ouvrante*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Liste de saisie semi-automatique de l'historique Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Liste de saisie semi-automatique du dossier Shell Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Conteneur de la liste de saisie semi-automatique multiple Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Menu Site de bandes*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Barre du Bureau*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistance utilisateur*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Paramètres du dossier global*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Historique*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Image de démarrage de la Suite IE4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Dossier ActiveX Cache*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Dossier Inscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestionnaire d'applications d'environnement*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Énumérateur d'applications installées*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Publication d'application Darwin*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Extracteur de miniatures de fichier + GDI*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Gestionnaire de miniatures - Informations de résumé (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Extracteur de miniatures HTML*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Assistant Publication de sites Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Commande d'impressions via le Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Objet Assistant de publication Shell*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Assistant Obtenir une identité Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Comptes d'utilisateurs*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Dossier compressé*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Dossier Fichiers hors connexion*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*Des &personnes...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Fichier de chaîne*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Raccourci de chaîne*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{C916D440-D489-4A79-B306-5FDC1E7932C0} /*PicaJet Shell Extension*/ = C:\PROGRA~1\PicaJet\PJExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Fichiers hors connexion@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Picajet Organizer@{C916D440-D489-4A79-B306-5FDC1E7932C0} = C:\PROGRA~1\PicaJet\PJExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Fichiers hors connexion@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
Picajet Organizer@{C916D440-D489-4A79-B306-5FDC1E7932C0} = C:\PROGRA~1\PicaJet\PJExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{83F80477-7B6F-FF42-9E0B-6A117BAD35EF}C:\WINDOWS\cjjbt1.dll /*file not found*/ = C:\WINDOWS\cjjbt1.dll /*file not found*/
@{F5046D85-071E-7851-CC26-7C93BA07EB81}C:\WINDOWS\cjjbt1.dll /*file not found*/ = C:\WINDOWS\cjjbt1.dll /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.webcattolici.it/ = http://www.webcattolici.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
cdo@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage >>>
Raccourci vers vptray.lnk = Raccourci vers vptray.lnk
Trend Micro Anti-Spyware.lnk = Trend Micro Anti-Spyware.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage = Lancement rapide d'Adobe Reader.lnk

---- EOF - GMER 1.0.12 ----


ed ecco il log di rootkit

(tutte le caselle a sinistra erano spuntate)
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-23 18:57:27
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@iahjdnadefglednepp 0x6B 0x61 0x66 0x6B ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@habjninhhmiefmlb 0x6B 0x61 0x66 0x6B ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@hadidfoadlkjoiko 0x67 0x62 0x6A 0x68 ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@jacigfeaoapkdjppedgc 0x64 0x62 0x6D 0x68 ...

---- EOF - GMER 1.0.12 ----


Attendo una tua risposta se ci fosse qualche problema che non so ... [...]

Grazie ancora Amantide [^]
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera


Messaggioda wearethechampions » dom gen 28, 2007 11:03 am

è sicuramente il gromozon
la vita è come un giravite, più l'avviti più si svita
Avatar utente
wearethechampions
Neo Iscritto
Neo Iscritto
 
Messaggi: 3
Iscritto il: sab gen 27, 2007 7:55 pm

Messaggioda Amantide » dom gen 28, 2007 1:22 pm

Infatti è cosi.
Per prima cosa fai un paio di scansioni con Virit dalla modalità provvisoria e postaci i log per vedere cosa avrà eliminato.

Dopo abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti) ed assicurati che questi file siano spariti, altrimenti eliminali dalla modalità provvisoria:
c:\windows\ibmnet.exe
c:\windows\inteltop.exe
c:\windows\fujitsuchecker.exe
Dopo sistema il valore Userinit del registro come avevo spiegato qui
http://www.MegaLab.it/forum/viewtopic.p ... 341#225341

Una volta fatto tutto ciò ripostami i nuovi log di Gmer.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » lun feb 12, 2007 2:30 pm

Grazie dell'interessamento Amantide

Ecco qui il log di Virit in modalità provvisoria

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
01/02/2007 - 18:58:58

[SCANSIONE DEL REGISTRO]
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} Infetto da Spyware.WeatherBug.A
* * * RIMOSSO * * *
{2ee25147-37d4-4640-832c-fccfac8b21d9} Infetto da BHO.Agent.AR
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

Chiavi Registro infette: 2.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 52484.
Files Totali: 52484.
Chiavi Registro rimosse: 2.
Virus Rimossi: 0.


e una seconda volta

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/02/2007 - 12:22:15

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 16073.
Files Totali: 16073.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/02/2007 - 12:31:29

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 51337.
Files Totali: 51337.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

Poi ho "pulito" regedit alla voce "userinit" come hai indicato nell'articolo che hai postato qui sopra.


Ecco il test fatto con Gmer

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-12 13:39:58
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\services.exe[2884] WS2_32.dll!send 719F428A 10 Bytes PUSH 131414C6; RET

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2884
Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2896
Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2908

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@iahjdnadefglednepp 0x6B 0x61 0x66 0x6B ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@habjninhhmiefmlb 0x6B 0x61 0x66 0x6B ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@hadidfoadlkjoiko 0x67 0x62 0x6A 0x68 ...
Reg \Registry\USER\S-1-5-21-1553355753-3653341920-3717944225-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38874B9D-54A0-1741-7C78-B8BD93AE7476}@jacigfeaoapkdjppedgc 0x64 0x62 0x6D 0x68 ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Administrateur\Bureau\msimn.exe:SummaryInformation
ADS C:\Documents and Settings\Administrateur\Bureau\msimn.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----


Inoltre ho trovato in c: un file "as.txt" con gli indirizzi e-mail presenti sul mio pc. Ho provato a chiudere i "service.exe" che Gmer segnalava in rosso (tasto destro e kill process) e poi cancellavo "as.txt".
Ovviamente riapparivano riavviando il pc e aprendo outlook.

Come eliminare i "service.exe" dal momento che ce n'è solo 1 visibile pur avendo attivato la funzione di mostrare i file nascosti?

Help me please [cry+]
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera

Messaggioda Amantide » mar feb 13, 2007 10:31 pm

Blueice ha scritto:Inoltre ho trovato in c: un file "as.txt" con gli indirizzi e-mail presenti sul mio pc. Ho provato a chiudere i "service.exe" che Gmer segnalava in rosso (tasto destro e kill process) e poi cancellavo "as.txt".
Ovviamente riapparivano riavviando il pc e aprendo outlook.

Come eliminare i "service.exe" dal momento che ce n'è solo 1 visibile pur avendo attivato la funzione di mostrare i file nascosti?

Service o services?

E' strano che il file services.exe viene segnalato da Gmer come Hidden, in quella posizione in system32 è un file leggittimo di sistema.

Se riesci, carica il file c:\windows\system32\services.exe su www.virustotal.com e vedi se è infetto.

Appena puoi fai la scansione con Systemscan, comprimi in un archivio il file report.txt che trovi in c:\suspectfile, ed allegalo qui.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » mer feb 14, 2007 4:30 pm

Ecco qui il risultato

L'errore che da Gmer (si era "services" e non "service" [:-H] ) è

.text C:\WINDOWS\system32\services.exe[2884] WS2_32.dll!send 719F428A 10 Bytes PUSH 131414C6; RET

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2884
Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2896
Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 2908

Ho testato C:\WINDOWS\system32\services.exe con Virustotal

e ha dato questo risultato

Complete scanning result of "services.exe", received in VirusTotal at 02.14.2007, 15:09:48 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.37 02.14.2007 no virus found
Authentium 4.93.8 02.14.2007 no virus found
Avast 4.7.936.0 02.14.2007 no virus found
AVG 386 02.14.2007 no virus found
BitDefender 7.2 02.14.2007 no virus found
CAT-QuickHeal 9.00 02.13.2007 no virus found
ClamAV devel-20060426 02.14.2007 no virus found
DrWeb 4.33 02.14.2007 no virus found
eSafe 7.0.14.0 02.14.2007 no virus found
eTrust-Vet 30.4.3397 02.14.2007 no virus found
Ewido 4.0 02.14.2007 no virus found
Fortinet 2.85.0.0 02.14.2007 no virus found
F-Prot 4.2.1.29 02.14.2007 no virus found
F-Secure 6.70.13030.0 02.14.2007 no virus found
Ikarus T3.1.0.31 02.14.2007 no virus found
Kaspersky 4.0.2.24 02.14.2007 no virus found
McAfee 4962 02.13.2007 no virus found
Microsoft 1.2204 02.14.2007 no virus found
NOD32v2 2060 02.14.2007 no virus found
Norman 5.80.02 02.14.2007 no virus found
Panda 9.0.0.4 02.14.2007 no virus found
Prevx1 V2 02.14.2007 no virus found
Sophos 4.14.0 02.13.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.14.2007 no virus found
TheHacker 6.1.6.057 02.11.2007 no virus found
UNA 1.83 02.13.2007 no virus found
VBA32 3.11.2 02.13.2007 no virus found
VirusBuster 4.3.19:9 02.14.2007 no virus found

Aditional Information
File size: 108544 bytes
MD5: 732e0b1abaace15d80ec19056b0a2af9
SHA1: 7aadfc1c733f85d06e6b09886f83f3f189e268e4


Infine in allegato lo zip di systemscan:

Grazie
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera

Messaggioda Amantide » mer feb 14, 2007 7:12 pm

Registry values to replace with dummy:
Non sono nemmeno sicura di essere riuscita ad individuare proprio tutto tutto [acc2]

Scarica The Avenger, estrai archivio in una cartella ed avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno del form copia ed incolla queste script:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\system32\kbddb2.dll
C:\WINDOWS\System32\zoPrypt.dll
C:\WINDOWS\temp\cel90xbe.sys
C:\WINDOWS\temp\T30DebugLogFile.txt
C:\WINDOWS\temp\*.*
C:\WINDOWS\system32\wsys.dll
C:\WINDOWS\system32\lpt3.dyq
C:\Program Files\Fichiers communs\System\IGxJ.exe
C:\WINDOWS\system32\ntio256.sys
C:\WINDOWS\system32\drivers\msgegh.sys
C:\WINDOWS\system32\main.sys
C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\runme.exe
C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\LISTDLLS.exe
C:\Documents and Settings\Administrateur\Local Settings\Temp\PXR3.tmp

folders to delete:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0

registry keys to delete:
HKLM\SYSTEM\controlset002\services\SrvGbw
HKLM\SYSTEM\CurrentControlSet\Services\SrvGbw
HKLM\SYSTEM\controlset001\services\SrvGbw
HKLM\SYSTEM\controlset003\services\SrvGbw
HKLM\SYSTEM\CurrentControlSet\Services\EXAMPLE
HKLM\SYSTEM\CurrentControlSet\Services\ntio256
HKLM\SYSTEM\CurrentControlSet\Services\msgegh


Dopodichè clicca sul pulsante Done, poi 2 volte sull'icona del semaforo verde e rispondi alle successive domande Si .
Il pc dovrebbe riavviarsi da solo,se cosi non fosse riavvialo manualmente.
Alla fine allegami il log di Avenger che si trova in C:/avenger.txt
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » mer feb 14, 2007 9:24 pm

Ho fatto quanto hai chiesto e il pc si è riavviato da solo, il risultato eccolo qui

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mupnhhyn

*******************

Script file located at: \??\C:\WINDOWS\system32\mfoslspt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\kbddb2.dll deleted successfully.
File C:\WINDOWS\System32\zoPrypt.dll deleted successfully.
File C:\WINDOWS\temp\cel90xbe.sys deleted successfully.
File C:\WINDOWS\temp\T30DebugLogFile.txt deleted successfully.


Could not open file C:\WINDOWS\temp\*.* for deletion
Deletion of file C:\WINDOWS\temp\*.* failed!

Could not process line:
C:\WINDOWS\temp\*.*
Status: 0xc0000033

File C:\WINDOWS\system32\wsys.dll deleted successfully.


File C:\WINDOWS\system32\lpt3.dyq not found!
Deletion of file C:\WINDOWS\system32\lpt3.dyq failed!

Could not process line:
C:\WINDOWS\system32\lpt3.dyq
Status: 0xc0000034



File C:\Program Files\Fichiers communs\System\IGxJ.exe not found!
Deletion of file C:\Program Files\Fichiers communs\System\IGxJ.exe failed!

Could not process line:
C:\Program Files\Fichiers communs\System\IGxJ.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ntio256.sys not found!
Deletion of file C:\WINDOWS\system32\ntio256.sys failed!

Could not process line:
C:\WINDOWS\system32\ntio256.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\msgegh.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\msgegh.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\msgegh.sys
Status: 0xc0000034

File C:\WINDOWS\system32\main.sys deleted successfully.


Could not open file C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\runme.exe for deletion
Deletion of file C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\runme.exe failed!

Could not process line:
C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\runme.exe
Status: 0xc000003a



Could not open file C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\LISTDLLS.exe for deletion
Deletion of file C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\LISTDLLS.exe failed!

Could not process line:
C:\Documents and Settings\Administrateur\Local Settings\Temp\RarSFX0\LISTDLLS.exe
Status: 0xc000003a

File C:\Documents and Settings\Administrateur\Local Settings\Temp\PXR3.tmp deleted successfully.


Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0 not found!
Deletion of folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0 failed!

Could not process line:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0
Status: 0xc0000034

Registry key HKLM\SYSTEM\controlset002\services\SrvGbw deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvGbw not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvGbw failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SrvGbw
Status: 0xc0000034

Registry key HKLM\SYSTEM\controlset001\services\SrvGbw deleted successfully.
Registry key HKLM\SYSTEM\controlset003\services\SrvGbw deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\EXAMPLE deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\ntio256 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\msgegh deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Ho guardato con Gmer e non dava piu l'errore dei "services" in rosso e il file as.txt non c'è piu' [fischio] Il pc è ora pulito?

p.s. : mi diresti parole semplici in cosa sono incappato?

C'è altro da fare?

Grazie Amantide della tua competenza, segue molto il vostro sito e so che fate le cose per bene, ma non immaginava fino a questo punto [applauso+]
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera

Messaggioda Amantide » mer feb 14, 2007 10:14 pm

Blueice ha scritto:p.s. : mi diresti parole semplici in cosa sono incappato?

In tante cose brutte [:D]
C'era il LinkOptimizer, un paio di rootkit, qualche trojan e backdoor... sinceramente non ricordo più il nome di nessuno [acc2]
Se vuoi proprio saperlo, prova a cercare tramite google i file .exe, .dll e .sys e vedi di cosa si trattava di preciso.

C'è altro da fare?

Si, intanto scarica CCleaner e dalla modalità provvisoria fai la pulizia dei file temporanei;
disinstalla Norton;
installa al posto di Norton buon antiviru e firewall, ti consiglio Antivir PE + Comodo Firewall oppure Active Virus Shield + Zone Alarm, sono tutti i programmi gratuiti;
installato il nuovo antivirus, fai la scansione dalla modalità provvisoria.

Per adesso tutto [sh]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » gio feb 15, 2007 12:30 am

Grazie Amantide! [^] Grazie.

..... un dettaglino: ho scaricato ccleaner e ha funzionato bene ha trovato oltre 200 Mb di tmp ...!

... ho scaricato Avira Antivir Personal Edition Classic in questa versione antivir_workstation_win7u_en_h.exe e si presenta come free, ma, forse sbaglio qualcosa.

Nella casella "License information c'è
1. Licenza per Avira ...........
2. Serial Number : (segue numero)
3. Qui da la data di scadenza 31.05.2007 che prolungherà di 4 settimane la scadenza prima di spirare.

Sul sito http://www.free-av.com/ c'è anche un file che si dice essere chiave di registro per la licenza, ma non si aggiunge al registro.

La domanda è: il software è gratis o è a pagamento? Esiste una versione gratis?

Ri-grazie
Ultima modifica di Blueice il gio mar 01, 2007 7:45 pm, modificato 1 volta in totale.
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera

Messaggioda Amantide » gio feb 15, 2007 12:57 pm

Antivir Free, una volta arrivata la scadenza la licenza, si autoaggiorna e te la rinnova [;)]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Blueice » gio feb 15, 2007 3:07 pm

Complimenti ancora per la correttezza e la rapidità delle risposte :-)

L'argomento è chiuso.

Alla prossima [rotolo]
Avatar utente
Blueice
Neo Iscritto
Neo Iscritto
 
Messaggi: 11
Iscritto il: mar gen 23, 2007 5:04 pm
Località: Svizzera


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 22 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising