www.MegaLab.it

[ranieri]

Salve a tutti,
allora, ho preso il maledetto Bagle credo.
Tra i programmi che partono allo startup ho trovato il programma hldrrr.exe
Il fatto e' che GMER non evidenzia nessun a chiave o file allora ho copiato lo script trovato su un forum con le opportune modifiche per il drive e il nome utente in Avenger e dopo il restart, nel text file non risultavano trovati alcune delle chiavi e dei file (forse lo script non era adatto al mio caso particolare). Il file hldrrr non c'e' piu ma comunque il pc continua a non funzionare. Antivirus, Firewall e soprattutto la connessione ad internet non partono.
Questo e' il risultato della scansione del Rootkit con GMER:

GMER 1.0.13.12540 - http://www.gmer.net
Rootkit scan 2007-06-29 14:04:54
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
---- Kernel code sections - GMER 1.0.13 ----
? srescan.sys The system cannot find the file specified.
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F4B76950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4B76E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F4B76FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B76AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B76AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F4B76950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4B76E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F4B76FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F4B76950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F4B76FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4B76E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F4B76AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4B76FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4B76E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F4B76950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B76AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F4B76950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4B76E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4B76FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F4B83FB0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F4B6F570] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F4B6F4C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F4B6F670] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F4B6F1D0] \SystemRoot\System32\vsdatant.sys

Spero qualcuno possa aiutarmi al piu' presto
Grazie

[crazy.cat]

Ho rimosso parte del tuo log perché si vedevano degli indirizzi email.

Prova a postare il log solo della sezione autostart, ci arrivi spostandoti con le doppie >> in gmer

Sei il secondo che sembra avere questo problema, forse abbiamo un bagle nuovo e invisibile.

Proviamo con questo
http://seem.about.free.fr/rel/Seem_v4.1b.en.zip
a vedere se ti trova qualcosa di rosso.

[ranieri]

grazie per la risposta.

Sto diventando scemo con questo problema. Anche considerando che non ho piu' connessione ad internet (e' un altro sintomo del virus?) e devo trasferire files e programmi da un laptop al pc.

Ho provato il software che mi hai indicato nella tua risposta e non mi sembra di vedere niente in rosso. Ma dove dovrei guardare esattamente, ci sono molte opzioni.
Ho fatto una scansione anche con Baglegui (Resolve for W32/Bagle version 1.07 forse un po' vecchiotta) ma anche li niente. Sono sicuro che prima di provare Avenger la prima volta, c'era hldrrr.exe tra i programmi allo startup per questo ho dedotto di aver Bagle. Ora non c'e' piu ma il computer ancora non funziona.

Ecco il risultato della scansione Autostartcon GMER

GMER 1.0.13.12540 - http://www.gmer.net
Autostart scan 2007-06-30 11:34:55
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AdobeActiveFileMonitor4.0 /*Adobe Active File Monitor V4*/@ = C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe /*file not found*/
Browser /*Computer Browser*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Logical Disk Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
EpsonBidirectionalService /*EpsonBidirectionalService*/@ = C:\Program Files\EPSON\ESM2\eEBSVC.exe
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Remote Registry*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service /*file not found*/
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@AS00_Gear311T = C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Search Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Address Bar Parser*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Channel File*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Channel Shortcut*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{ED65AB21-B24F-11d3-BA80-00C0CA16AA37} /*Mobile*/C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll = C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll
@{ED65AB22-B24F-11d3-BA80-00C0CA16AA37} /*Mobile ContextMenuHandler*/C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll = C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll
@{ED65AB23-B24F-11d3-BA80-00C0CA16AA37} /*Mobile PropertySheetHandler*/C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll = C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.corriere.it/ = http://www.corriere.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.13 ----

Grazie ancora

[crazy.cat]

Visto che su quel pc non puoi collegarti, l'unica cosa per il momento sarebbe di preparare questo cd di boot
http://www.MegaLab.it/2629
e lanciare le scansioni, sopratutto con Antivir per che è il suo miglior antivirus e vedere di beccare questo nuovo vermetto.
Ci sono già altre due persone con un problema simile al tuo, il primo che trova i file infetti risolve il problema anche agli altri
http://www.MegaLab.it/forum/viewtopic.p ... 878#263878
http://www.MegaLab.it/forum/viewtopic.php?t=32513

[ranieri]

Ho dato un'occhiata a come creare quel CD ma mi sembra un po' fuori dalle mie capacita' informatiche.
Adesso sono fuori comunque ci provero' appena torno, magari cercando di collegarmi ad internet con il normale modem dial up e non con l'adsl che non funziona.
Spero qualcuno trovi la soluzione prima di pero' perche ci potrei mettere un bel po' :-(

[crazy.cat]

Non è così difficile farlo, in tanti ci sono già riusciti.
altra proposta è quella di staccare il disco e metterlo in slave su un altro pc al posto dei lettori cd e controllarlo con l'antivirus dell'altro pc.
Unica avvertenza è che si può rischiare di infettare anche l'altro pc, per questo la soluzione cd è sempre la meno rischiosa e più efficace.

[ranieri]

Provero' al piu presto
Grazie

[ranieri]

Allora, mi sono arreso con la creazione del bootable disk, quando inserisco il cd di WinXP mi trova 21 errori e un warning e non va avanti.

Sono riuscito a fare delle scansioni con AVG Antivirus, AVG antispyware e Spyboot che hanno pulito il sistema. Adesso sembra funzionare tutto tranne la connessione ad internet.
Ho una connessione wireless con router Netgear WG311T e premetto che altri computers sono nel network e la connessione funziona perfettamente.

Quando cerco di connettermi ricevo il messaggio "Limited or no connectivity". Cliccando su "Repair", il risultato e' un messaggio "Windows could not finish repairing the problem because could not renew your IP address".
Dopo alcune ricerche su Google ho scoperto anche che il Wireless Zero Configuration Service non e' attivo. Quando cerco di farlo partire ricevo il messaggio "Could not start the Wireless Zero Configuration Service, Error 1068 the dependency service or group failed to start".
Sembra che una delle dependency sia NDIS Usermode I/O Protocol ma non ho idea di cosa sia e non e' presente nella lista dei services.

Spero sia stato chiaro ed ogni aiuto e' piu' che ben accetto!!
grazie

[crazy.cat]

Spero sia stato chiaro ed ogni aiuto e' piu' che ben accetto!!
grazie

Leggi l'update nella pagina
http://www.MegaLab.it/2657/4

[ranieri]

E' andata!!
Finalmente il verme e' morto.

Grazie mille!!!