
Virus removal

Post by vincentvega » Sat Feb 24, 2007 8:55 pm

Hello everyone, I have caught a virus too... First of all, when I turn on the PC it gives me an error from my PC's Bluetooth; after that I had to uninstall Avast because it was freezing the PC... I read some posts on your forum and started carrying out the operations you recommend... I installed Avenger and performed the operation you recommended, and the PC restarted by itself... Now I would like to know what I should do. Thanks.

Re: Virus removal

Post by Amantide » Sat Feb 24, 2007 9:40 pm

vincentvega wrote: Hello everyone, I have caught a virus too... First of all, when I turn on the PC it gives me an error from my PC's Bluetooth; after that I had to uninstall Avast because it was freezing the PC... I read some posts on your forum and started carrying out the operations you recommend... I installed Avenger and performed the operation you recommended, and the PC restarted by itself... Now I would like to know what I should do. Thanks.

Why did you use Avenger? And what operation did you run? And above all, which virus do you think you have?

In the meantime, download Gmer, go to the Autostart tab, tick the Show all option and click Scan. When the scan has finished, click Copy and paste the result into Notepad or directly here (right-click --> Paste).

P.S. Welcome to the forum [;)]

Post by Amantide » Sat Feb 24, 2007 10:02 pm

Run this script with Avenger and afterwards follow the instructions in this article (last page):

Files to delete:
C:\Documents and Settings\GabrieleRicci\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\GabrieleRicci\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\GabrieleRicci\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Virus help

Post by vincentvega » Sun Feb 25, 2007 4:17 pm

While I wait for your replies, I am showing you the Gmer report:
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-25 00:42:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

---- Devices - GMER 1.0.12 ----

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E18E3008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E18E3008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E18E3008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1E6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1501A58
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E1501A58
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E1501A58

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\WINDOWS\Help\SBSI\Training\usersid.exe 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\WINDOWS\system32\MSADP32.ACM 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programmi\File comuni\InstallShield\engine\6\Intel 32\corecomp.ini 21
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programmi\File comuni\InstallShield\engine\6\Intel 32\ctor.dll 21
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programmi\File comuni\InstallShield\engine\6\Intel 32\objectps.dll 21
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programmi\File comuni\InstallShield\engine\6\Intel 32\iuser.dll 21
Avatar utente
vincentvega
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: sab feb 24, 2007 5:37 pm

help

Post by vincentvega » Sun Feb 25, 2007 4:19 pm

here is the report it produced
could not process line:
C:\windows\system32\hldrrr.exe
status:oxc 0000034
could not open folder c:\document and setting\gabrielericci\dati applicazioni\hidires for deletion of folder c:\ document and setting\gabrielericci\dati applicazioni\hirides failed!
cuold not process line:
c:\ document and setting\gabrielericci\dati applicazioni\hirides
status:ox000003a
folder c:\windows\exefld not faund!
deletion of folder c:\windows\exefld failed
cuold not process line:
c:\windows\exefld
status:ox0000034
registry key hklm\system\currentcontrolset\services\m_hook deleted successfully
regirty key hklm\system\currentcontrolset\enum\root\legacy_m_hook deleted successfully
cuold not delete registry value hklm\softwere\microsoft\windows\currentversion\run\hldrrr failed!
status:oxc0000034
complete script processing finishied

I don't think it went well!!!!! Right?

Post by Amantide » Sun Feb 25, 2007 4:20 pm

Sorry, I entered the name of your user account incorrectly [:-H]

Try running this script:

Files to delete:
C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr

help

Post by vincentvega » Sun Feb 25, 2007 4:46 pm

Sorry, but is this the same procedure you gave me yesterday....?

Post by Amantide » Sun Feb 25, 2007 4:50 pm

It is not the same. I don't know how it happened, but when I copied and pasted the first time, "Gabriele Ricci" became "GabrieleRicci" without the space, so Avenger could not find the exact path.

help

Post by vincentvega » Sun Feb 25, 2007 4:52 pm

ok thanks, sorry for my ignorance, I'll try now

help

Post by vincentvega » Sun Feb 25, 2007 4:54 pm

one more thing, sorry: how can I tell whether it worked?

help

Post by vincentvega » Sun Feb 25, 2007 5:00 pm

here is the report
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jwrbbesn

*******************

Script file located at: \??\C:\Documents and Settings\ixtfbcws.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys deleted successfully.
File C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\hidr.exe deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

Folder C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires deleted successfully.


Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Re: help

Post by Amantide » Sun Feb 25, 2007 5:37 pm

vincentvega wrote: one more thing, sorry: how can I tell whether it worked?

From the Avenger log...
File C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys deleted successfully.
File C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\hidr.exe deleted successfully.
Folder C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.

The rest was deleted when the first script ran.
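The reading of the Avenger report given in the reply above can be automated. The following is an added example, not part of the thread and not Avenger's own code: a small Python parser that sorts each log entry into "deleted", "absent" (status 0xc0000034 or 0xc000003a, the NTSTATUS codes for object name or path not found) or "failed". The function name and outcome labels are assumptions made for this example; the sample lines are an excerpt of the second report posted in the thread.

```python
import re

# NTSTATUS codes that mean "the target does not exist" rather than "deletion was blocked".
NOT_FOUND = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
OK_RE = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|folder|registry key|registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def summarize(log_text):
    """Return (kind, target, outcome, status) tuples; the labels are this example's own."""
    results = []
    pending = None  # index of the last failure still waiting for its Status line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            results.append((m.group(1).lower(), m.group(2), "deleted", None))
        elif m := FAIL_RE.match(line):
            results.append((m.group(1), m.group(2), "failed", None))
            pending = len(results) - 1
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m.group(1), 16)
            kind, target, _, _ = results[pending]
            # "absent" is not proof of removal: a mistyped path gives the same status.
            outcome = "absent" if code in NOT_FOUND else "failed"
            results[pending] = (kind, target, outcome, NOT_FOUND.get(code, hex(code)))
            pending = None
    return results


# Excerpt of the second Avenger report from the thread.
SAMPLE_LOG = r"""
File C:\Documents and Settings\Gabriele Ricci\Dati applicazioni\hidires\m_hook.sys deleted successfully.
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

An "absent" entry only says the path did not exist when the script ran, so the path in the script should be checked against the real one before treating the item as removed.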

help

Post by vincentvega » Sun Feb 25, 2007 6:52 pm

so it should have been removed? I managed to install the antivirus
what should I do now?
thanks

Post by Amantide » Sun Feb 25, 2007 7:04 pm

Did you follow the instructions in the article?

help

Post by vincentvega » Sun Feb 25, 2007 7:11 pm

I haven't done it yet because these things are a bit difficult for me ....
I wanted to ask you a question: once I have fixed everything, is it possible to do a system restore and go back to when I didn't have this virus?

Post by Amantide » Sun Feb 25, 2007 7:59 pm

Since you managed to remove the virus... why would you want to do a system restore? [uhm]
Anyway, look, System Restore can only save you from the small messes you make on the PC, but it is totally useless and inadvisable if you want to restore the system after a virus infection.
In fact, you should disable this feature completely and re-enable it only after restarting the PC, so as to delete the infected restore points.

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising