gromozon virus again?


Post by triskell » Tue Apr 24, 2007 2:04 pm

hi,
I've run into something similar again: it won't launch the hjack scans and it closes every page of this forum where the solution is.
I went to look at the USERINIT registry keys... but everything is as it should be (that is: c:\windows\system32\userinit.exe,)
yet the symptoms are exactly the same.
The PC is protected with avast but I fear that's not enough....
I wonder if Amantide can help me again?
[cry]

Post by crazy.cat » Tue Apr 24, 2007 2:24 pm

Can you post a gmer log of the autostart section?

unfortunately it won't launch gmer either.

Post by triskell » Tue Apr 24, 2007 2:30 pm

but I remembered that I had virit on the USB stick.
I managed to install it and I'm running a scan..
it has found something..... I'll finish and update you.. [nonono]


Post by triskell » Tue Apr 24, 2007 2:52 pm

virit found two infected registry keys, which it removed... but hjack and gmer still can't be launched! [uhm]

worse and worse

Post by triskell » Tue Apr 24, 2007 4:06 pm

After rebooting following the virit scan, Windows does NOT come up anymore.
Blank screen and a DOS prompt open... as if it wanted a command to launch Windows.... now I'm really in trouble [cry+]

updates

Post by triskell » Tue Apr 24, 2007 9:34 pm

I've restored my desktop...
but I haven't solved the problem. I ran the tool to remove gromozon but it didn't find it:
hjack and gmer won't launch

Post by triskell » Tue Apr 24, 2007 9:51 pm

I'm attaching my task manager: is there anything suspicious?

WinPFind

Post by triskell » Tue Apr 24, 2007 10:00 pm

[uhm] it won't let me paste the screenshot because of resolution problems... but I did manage to run the scan with WinPFind


WinPFind logfile created on: 24/04/2007 20.45.59
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\francesca\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

511,42 Mb Total Physical Memory | 278,19 Mb Available Physical Memory | 54,40% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 71,94% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 35,60 Gb Total Space | 3,39 Gb Free Space | 9,54% Space Free
Drive D: | 35,98 Gb Total Space | 5,43 Gb Free Space | 15,08% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: PCFRANCESCA
Current User Name: francesca
Logged in as Administrator.
Current Boot Mode: Normal

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

c:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
C:\Documents and Settings\francesca\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
C:\Programmi\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\Programmi\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Programmi\CyberLink\Shared Files\RichVideo.exe ()
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
C:\Programmi\iPod\bin\iPodService.exe (Apple Computer, Inc.)
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running]
= C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running]
= C:\Programmi\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running]
= C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running]
= C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

(AWService) AdminWorks Agent X6 [Win32_Own | Auto | Running]
= c:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)

(BackWeb Client) BackWeb Client [Win32_Own | Auto | Stopped]
= C:\Programmi\F-Secure\BackWeb\BackWeb\Program\ServiceWrapper.exe (File not found)

(btwdins) Bluetooth Service [Win32_Own | Auto | Running]
= c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (Broadcom Corporation.)

(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running]
= C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()

(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running]
= C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()

(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running]
= C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

(dmadmin) Servizio amministrativo di Gestione disco logico [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(EvtEng) EvtEng [Win32_Own | Auto | Running]
= C:\Programmi\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

(iPod Service) iPod Service [Win32_Own | On_Demand | Running]
= C:\Programmi\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(pdfFactory Pro Dispatcher v2) pdfFactory Pro Dispatcher v2 [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

(RegSrvc) RegSrvc [Win32_Own | Auto | Running]
= C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running]
= C:\Programmi\CyberLink\Shared Files\RichVideo.exe ()

(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running]
= C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped]
= C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (File not found)

(viritsvclite) Virit eXplorer Lite [Win32_Own | Disabled | Stopped]
= C:\VEXPLITE\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Acer ePower Management = C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
ADMTray.exe = c:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
Alcmtr = C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
ATIPTA = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
AzMixerSel = C:\Programmi\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
EPM-DM = c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
eRecoveryService = C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
iTunesHelper = C:\Programmi\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE ()
NAV CfgWiz = C:\Programmi\File comuni\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (File not found)
PCMService = C:\Programmi\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
Persistence = C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
RTHDCPL = C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
= C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
= C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\francesca\Menu Avvio\Programmi\Esecuzione automatica >
C:\Documents and Settings\francesca\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
viritsvclite = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ashDisp
hkey = HKLM
command = C:\Programmi\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Collegamento alla pagina delle proprietà di High Definition Audio]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
hkey = HKLM
command = C:\WINDOWS\system32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LaunchApp]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\Alaunch.exe (Acer Inc.)
hkey = HKLM
command = C:\WINDOWS\Alaunch.exe (Acer Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = LManager
hkey = HKLM
command = C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lmqvwjyt]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hmmqtinw
hkey = HKLM
command = C:\hmmqtinw.bat ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pdfFactory Pro Dispatcher v2]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = fppdis2a
hkey = HKLM
command = C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\phewv]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = 43110859
hkey = HKLM
command = C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\43110859.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VIRIT LITE MONITOR]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MONLITE
hkey = HKLM
command = C:\VEXPLITE\MONLITE.EXE (TG Soft S.a.s.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\yegpieyq]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = fvaxratj
hkey = HKLM
command = C:\fvaxratj.bat ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 2
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<




>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
DllName = C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
DllName = C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 768 bytes | Modified Date: 19/08/2004 5.00.00)
127.0.0.1 localhost

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = Pagina iniziale corrente
Source = About:Home
SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://global.acer.com
Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
{346D8699-DAC7-DD78-5CD4-CA50A929983C} = Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page = http://www.google.it/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- AcroIEHlprObj Class ( HKLM = c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

>>>>> HKLM Internet Explorer ToolBars <<<<<

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8195

>>>>> HKLM Internet Explorer Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
ButtonText = Ricerche

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel]
@ = 000 (File not found)

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
= ( HKLM = Reg Data - Value does not exist (File not found) )
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barra delle applicazioni e menu di avvio ( HKLM = Reg Data - Key not found (File not found) )
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = EPM-PO Shell Extensions ( HKLM = C:\WINDOWS\system32\Epm-Po.dll (Acer Labs USA) )
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel ( HKLM = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Estensione panoramica video del Pannello di controllo ( HKLM = deskpan.dll (File not found) )
{472083B0-C522-11CF-8763-00608CC02F24} = avast ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )
{6af09ec9-b429-11d4-a1fb-0090960218cb} = Risorse di rete Bluetooth ( HKLM = C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation.) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Estensioni shell per la compressione dei file ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = Account utente ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu di scelta rapida di crittografia ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Programmi\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{E0D79300-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )
{E0D79301-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )
{E0D79302-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )

>>>>> HKCU Approved Shell Extensions <<<<<

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\avast]
@ = {472083B0-C522-11CF-8763-00608CC02F24} ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Blocco menu Start]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\EDSshellExt]
@ = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} ( HKLM = C:\WINDOWS\system32\eDSshellExt.dll (HiTRUST) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} ( HKLM = C:\Programmi\Norton AntiVirus\NavShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79300-84BE-11CE-9641-444553540000} ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\EDSshellExt]
@ = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} ( HKLM = C:\WINDOWS\system32\eDSshellExt.dll (HiTRUST) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79300-84BE-11CE-9641-444553540000} ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
@ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\avast]
@ = {472083B0-C522-11CF-8763-00608CC02F24} ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} ( HKLM = C:\Programmi\Norton AntiVirus\NavShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79300-84BE-11CE-9641-444553540000} ( HKLM = C:\Programmi\WinZip\WZSHLEXT.DLL () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = c:\Programmi\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) )
TEMP = %SystemRoot%\TEMP
TMP = %SystemRoot%\TEMP
windir = %SystemRoot%

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%SystemRoot%\system32
%SystemRoot%
%SystemRoot%\System32\Wbem
C:\Programmi\ATI Technologies\ATI Control Panel
C:\Programmi\Intel\Wireless\Bin\
C:\Programmi\QuickTime\QTSystem\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19904633-73C5-4EA1-A0B1-041534C159F4}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BE02C32-CD53-41FC-AB9A-E92BF71427EA}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41A754C1-2C1A-4E1D-BDAF-7A1826A9D22F}] ( Intel(R) PRO/Wireless 2200BG Network Connection )
DefaultGateway = 192.168.0.1;
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 0
IPAddress = 192.168.0.2;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 192.168.0.1
SubnetMask = 255.255.255.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C106F4F-5F85-42FD-A02C-E9BB17FB09AE}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{857FF76B-2845-4A4D-84A1-0DF2DB5B70B3}] ( Realtek RTL8169/8110 Family Gigabit Ethernet NIC )
DefaultGateway = 192.168.1.1;
Domain =
EnableDHCP = 0
IPAddress = 192.168.1.114;
NameServer = 193.70.192.15,193.70.152.25
SubnetMask = 255.255.255.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B7B49AF5-F86C-4BF6-9E6D-4177AE377D77}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BE739003-E802-465F-BBDD-873667633E2F}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1C18D60-67F8-4C51-9F01-9F80C043F848}] ( Atheros AR5005G Wireless Network Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Intranet locale
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = Risorse del computer

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shoc ... tor/sw.cab
INF = C:\WINDOWS\Downloaded Program Files\erma.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.macromedia.com/pub/sh ... wflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

»»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»»

C:\hiberfil.sys [Ver = | Size = 536330240 bytes | Created Date = 02/01/1601 23.00.00 | Attr = HS]
C:\FOUND.004 [Folder | Created Date = 27/03/2007 10.00.44 | Attr = HS]
C:\VEXPLITE [Folder | Created Date = 24/04/2007 12.22.26 | Attr = ]
C:\chdir.bat [Ver = | Size = 16 bytes | Created Date = 24/04/2007 13.21.54 | Attr = ]
C:\Avenger [Folder | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\avexport.bat [Ver = | Size = 192 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\zip.exe [Ver = | Size = 126976 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\hmmqtinw.bat [Ver = | Size = 1080 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\reboot.exe [Ver = | Size = 19814 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\reboot.bat [Ver = | Size = 336 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\fvaxratj.bat [Ver = | Size = 1080 bytes | Created Date = 24/04/2007 13.22.05 | Attr = ]
C:\Documents and Settings\All Users\Dati applicazioni\Windows Genuine Advantage [Folder | Created Date = 21/04/2007 11.28.11 | Attr = ]
C:\Documents and Settings\francesca\Documenti\cc_20070424_1650.reg [Ver = | Size = 77087 bytes | Created Date = 24/04/2007 15.50.49 | Attr = ]
C:\Documents and Settings\francesca\Documenti\cc_20070424_1651.reg [Ver = | Size = 17143 bytes | Created Date = 24/04/2007 15.51.07 | Attr = ]
C:\Documents and Settings\All Users\Desktop\VIRIT-LT.LNK [Ver = | Size = 529 bytes | Created Date = 24/04/2007 12.22.43 | Attr = ]
C:\Documents and Settings\francesca\Desktop\ristrutturazione_edilizia_fin_2007.pdf [Ver = | Size = 200485 bytes | Created Date = 17/04/2007 16.44.28 | Attr = ]
C:\Documents and Settings\francesca\Desktop\compravendita_casa_2007.pdf [Ver = | Size = 408001 bytes | Created Date = 17/04/2007 16.44.33 | Attr = ]
C:\Documents and Settings\francesca\Desktop\comunicato voice up.doc [Ver = | Size = 28672 bytes | Created Date = 18/04/2007 20.21.31 | Attr = ]
C:\Documents and Settings\francesca\Desktop\Thumbs.db [Ver = | Size = 5632 bytes | Created Date = 24/04/2007 13.54.41 | Attr = HS]
C:\Documents and Settings\francesca\Desktop\CCleaner.lnk [Ver = | Size = 1473 bytes | Created Date = 24/04/2007 15.48.36 | Attr = ]
C:\Documents and Settings\francesca\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Created Date = 24/04/2007 17.53.40 | Attr = ]
C:\Documents and Settings\francesca\Desktop\9755AA7.exe [Ver = | Size = 737280 bytes | Created Date = 24/04/2007 18.42.35 | Attr = ]
C:\Documents and Settings\francesca\Desktop\AGVPFIX.ZIP [Ver = | Size = 548007 bytes | Created Date = 24/04/2007 19.08.14 | Attr = ]
C:\Documents and Settings\francesca\Desktop\WinPFind [Folder | Created Date = 24/04/2007 19.28.49 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 30/03/2007 18.49.50 | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 30/03/2007 18.49.50 | Attr = ]
C:\WINDOWS\$NtUninstallKB925902$ [Folder | Created Date = 05/04/2007 9.21.52 | Attr = H ]
C:\WINDOWS\$NtUninstallKB932168$ [Folder | Created Date = 14/04/2007 9.56.40 | Attr = H ]
C:\WINDOWS\$NtUninstallKB930178$ [Folder | Created Date = 14/04/2007 9.56.52 | Attr = H ]
C:\WINDOWS\$NtUninstallKB931261$ [Folder | Created Date = 14/04/2007 9.56.57 | Attr = H ]
C:\WINDOWS\$NtUninstallKB935448$ [Folder | Created Date = 14/04/2007 9.57.42 | Attr = H ]
C:\WINDOWS\$NtUninstallKB931784$ [Folder | Created Date = 14/04/2007 9.58.06 | Attr = H ]
C:\WINDOWS\System32\drivers\gkmbsvmu.sys [Ver = | Size = 60416 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\WINDOWS\System32\drivers\jygtdinp.sys [Ver = | Size = 60416 bytes | Created Date = 24/04/2007 13.22.05 | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»»

C:\hiberfil.sys [Ver = | Size = 536330240 bytes | Modified Date = 24/04/2007 19.45.06 | Attr = HS]
C:\boot.ini [Ver = | Size = 211 bytes | Modified Date = 24/04/2007 18.39.48 | Attr = RHS]
C:\FOUND.004 [Folder | Modified Date = 27/03/2007 11.00.44 | Attr = HS]
C:\VEXPLITE [Folder | Modified Date = 24/04/2007 13.22.28 | Attr = ]
C:\chdir.bat [Ver = | Size = 16 bytes | Modified Date = 24/04/2007 14.22.04 | Attr = ]
C:\Avenger [Folder | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\avexport.bat [Ver = | Size = 192 bytes | Modified Date = 24/04/2007 14.22.06 | Attr = ]
C:\zip.exe [Ver = | Size = 126976 bytes | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\hmmqtinw.bat [Ver = | Size = 1080 bytes | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\reboot.exe [Ver = | Size = 19814 bytes | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\reboot.bat [Ver = | Size = 336 bytes | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\fvaxratj.bat [Ver = | Size = 1080 bytes | Modified Date = 24/04/2007 14.22.06 | Attr = ]
C:\Documents and Settings\All Users\Dati applicazioni\Windows Genuine Advantage [Folder | Modified Date = 21/04/2007 12.28.12 | Attr = ]
C:\Documents and Settings\francesca\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 54784 bytes | Modified Date = 20/04/2007 18.03.06 | Attr = ]
C:\Documents and Settings\francesca\Documenti\cc_20070424_1650.reg [Ver = | Size = 77087 bytes | Modified Date = 24/04/2007 16.50.58 | Attr = ]
C:\Documents and Settings\francesca\Documenti\cc_20070424_1651.reg [Ver = | Size = 17143 bytes | Modified Date = 24/04/2007 16.51.12 | Attr = ]
C:\Documents and Settings\All Users\Desktop\VIRIT-LT.LNK [Ver = | Size = 529 bytes | Modified Date = 24/04/2007 13.22.44 | Attr = ]
C:\Documents and Settings\francesca\Desktop\ristrutturazione_edilizia_fin_2007.pdf [Ver = | Size = 200485 bytes | Modified Date = 17/04/2007 17.44.30 | Attr = ]
C:\Documents and Settings\francesca\Desktop\compravendita_casa_2007.pdf [Ver = | Size = 408001 bytes | Modified Date = 17/04/2007 17.44.34 | Attr = ]
C:\Documents and Settings\francesca\Desktop\comunicato voice up.doc [Ver = | Size = 28672 bytes | Modified Date = 18/04/2007 21.21.34 | Attr = ]
C:\Documents and Settings\francesca\Desktop\Thumbs.db [Ver = | Size = 5632 bytes | Modified Date = 24/04/2007 14.54.42 | Attr = HS]
C:\Documents and Settings\francesca\Desktop\CCleaner.lnk [Ver = | Size = 1473 bytes | Modified Date = 24/04/2007 16.48.38 | Attr = ]
C:\Documents and Settings\francesca\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Modified Date = 24/04/2007 18.53.22 | Attr = ]
C:\Documents and Settings\francesca\Desktop\9755AA7.exe [Ver = | Size = 737280 bytes | Modified Date = 24/04/2007 19.41.54 | Attr = ]
C:\Documents and Settings\francesca\Desktop\AGVPFIX.ZIP [Ver = | Size = 548007 bytes | Modified Date = 24/04/2007 20.02.14 | Attr = ]
C:\Documents and Settings\francesca\Desktop\WinPFind [Folder | Modified Date = 24/04/2007 20.28.50 | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 24/04/2007 18.39.48 | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 874 bytes | Modified Date = 24/04/2007 20.13.26 | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 24/04/2007 19.45.12 | Attr = S]
C:\WINDOWS\bthservsdp.dat [Ver = | Size = 12 bytes | Modified Date = 24/04/2007 19.44.34 | Attr = ]
C:\WINDOWS\DUMP418d.tmp [Ver = | Size = 94208 bytes | Modified Date = 28/03/2007 18.53.12 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 19/04/2007 8.25.48 | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 30/03/2007 20.01.40 | Attr = ]
C:\WINDOWS\$NtUninstallKB925902$ [Folder | Modified Date = 05/04/2007 10.21.54 | Attr = H ]
C:\WINDOWS\$NtUninstallKB932168$ [Folder | Modified Date = 14/04/2007 10.56.42 | Attr = H ]
C:\WINDOWS\$NtUninstallKB930178$ [Folder | Modified Date = 14/04/2007 10.56.54 | Attr = H ]
C:\WINDOWS\$NtUninstallKB931261$ [Folder | Modified Date = 14/04/2007 10.56.58 | Attr = H ]
C:\WINDOWS\$NtUninstallKB935448$ [Folder | Modified Date = 14/04/2007 10.57.44 | Attr = H ]
C:\WINDOWS\$NtUninstallKB931784$ [Folder | Modified Date = 14/04/2007 10.58.08 | Attr = H ]
C:\WINDOWS\System32\AVASTSS.scr ALWIL Software [Ver = 4, 7, 985, 0 | Size = 90112 bytes | Modified Date = 18/04/2007 18.07.00 | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1158 bytes | Modified Date = 24/04/2007 19.46.06 | Attr = ]
C:\WINDOWS\System32\eRLog.ini [Ver = | Size = 792 bytes | Modified Date = 24/04/2007 19.47.10 | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 223224 bytes | Modified Date = 24/04/2007 16.53.32 | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2934 bytes | Modified Date = 24/04/2007 11.35.00 | Attr = ]
C:\WINDOWS\System32\aswBoot.exe ALWIL Software [Ver = 4, 7, 985, 0 | Size = 733824 bytes | Modified Date = 18/04/2007 18.17.00 | Attr = ]
C:\WINDOWS\System32\drivers\aswmon.sys ALWIL Software [Ver = 4.7.985.0 | Size = 85952 bytes | Modified Date = 18/04/2007 18.12.32 | Attr = ]
C:\WINDOWS\System32\drivers\aswmon2.sys ALWIL Software [Ver = 4.7.985.0 | Size = 94552 bytes | Modified Date = 18/04/2007 18.12.12 | Attr = ]
C:\WINDOWS\System32\drivers\aavmker4.sys ALWIL Software [Ver = 4.7.985.0 | Size = 26888 bytes | Modified Date = 18/04/2007 18.07.50 | Attr = ]
C:\WINDOWS\System32\drivers\aswTdi.sys ALWIL Software [Ver = 4.7.985.0 | Size = 43176 bytes | Modified Date = 18/04/2007 18.09.10 | Attr = ]
C:\WINDOWS\System32\drivers\aswRdr.sys ALWIL Software [Ver = 4.7.985.0 | Size = 23416 bytes | Modified Date = 18/04/2007 18.10.02 | Attr = ]
C:\WINDOWS\System32\drivers\gkmbsvmu.sys [Ver = | Size = 60416 bytes | Modified Date = 24/04/2007 14.21.58 | Attr = ]
C:\WINDOWS\System32\drivers\jygtdinp.sys [Ver = | Size = 60416 bytes | Modified Date = 24/04/2007 14.22.06 | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[UPX! , UPX0 , ]C:\Documents and Settings\francesca\Desktop\wrar362it.exe ()
[Thawte Consulting , UPX! , UPX0 , ]C:\Documents and Settings\francesca\Desktop\FirefoxGoogleToolbarSetup.exe ()
[UPX! , UPX0 , ]C:\Documents and Settings\francesca\Desktop\setupita.exe ()
[UPX! , UPX0 , ]C:\Documents and Settings\francesca\Desktop\Systemscan.exe ()
[aspack , ]C:\WINDOWS\Uninstall.exe (ZbSoft)
[aspack , ]C:\WINDOWS\Acer.scr ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[Thawte Consulting , ]C:\WINDOWS\System32\XceedSco.dll (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com)
[Thawte Consulting , ]C:\WINDOWS\System32\XceedCry.dll (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com)
[UPX! , UPX0 , ]C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
[UPX! , UPX0 , ]C:\WINDOWS\System32\CryptoAPI.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\UIVCL.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\keyManager.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\HTCA_SelfExtract.bin ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()

< End of report >

Post by crazy.cat » Wed Apr 25, 2007 10:29 am

There are quite a few strange names in the log.

command = C:\hmmqtinw.bat ()
command = C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\43110859.exe (File not found)
C:\WINDOWS\System32\drivers\gkmbsvmu.sys
C:\WINDOWS\System32\drivers\jygtdinp.sys
C:\chdir.bat
C:\avexport.bat
C:\zip.exe
C:\hmmqtinw.bat
C:\reboot.exe
C:\reboot.bat
C:\fvaxratj.bat
C:\Documents and Settings\francesca\Desktop\9755AA7.exe

Upload the screenshot of the Task Manager to this site
http://www.MegaLab.it/2995/2
and then paste the link into the thread.
If it is too large, use the "Thumbnail for forums (1)" link.
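The triage crazy.cat did by eye on the WinPFind report above (random-looking eight-letter names, unversioned binaries in C:\ and in drivers\, all created within seconds of each other) can be written down as a check. The following is an added example, not a tool from the thread or from WinPFind: it parses lines in WinPFind's "Files / Folders Created" format, flags names and locations, and groups executables by creation time. The sample lines are constructed from entries in the posted log, and the thresholds (8 letters, at most 2 vowels, a 30-second window) are assumptions chosen for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in WinPFind's line format; paths, sizes and timestamps are taken from the posted report.
SAMPLE_LOG = r"""
C:\chdir.bat [Ver = | Size = 16 bytes | Created Date = 24/04/2007 13.21.54 | Attr = ]
C:\zip.exe [Ver = | Size = 126976 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\hmmqtinw.bat [Ver = | Size = 1080 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\fvaxratj.bat [Ver = | Size = 1080 bytes | Created Date = 24/04/2007 13.22.05 | Attr = ]
C:\WINDOWS\System32\drivers\gkmbsvmu.sys [Ver = | Size = 60416 bytes | Created Date = 24/04/2007 13.21.57 | Attr = ]
C:\WINDOWS\System32\drivers\jygtdinp.sys [Ver = | Size = 60416 bytes | Created Date = 24/04/2007 13.22.05 | Attr = ]
C:\WINDOWS\System32\drivers\aswmon.sys ALWIL Software [Ver = 4.7.985.0 | Size = 85952 bytes | Created Date = 18/04/2007 18.12.32 | Attr = ]
C:\Documents and Settings\francesca\Desktop\CCleaner.lnk [Ver = | Size = 1473 bytes | Created Date = 24/04/2007 15.48.36 | Attr = ]
"""

EXEC_EXT = {"exe", "sys", "dll", "bat", "cmd", "scr", "com", "pif"}
# Names may contain spaces, so the path ends at the first extension-like token;
# anything after it is the company string WinPFind prints for versioned files.
_FILE_RE = re.compile(r"^(?P<path>.+?\.[A-Za-z0-9]{1,4})(?: (?P<company>.+))?$")

def parse_entry(line):
    """Parse one WinPFind file/folder line into a dict, or None for other lines."""
    line = line.rstrip()
    if " [" not in line or not line.endswith("]"):
        return None
    head, _, meta = line.rpartition(" [")
    fields = [f.strip() for f in meta[:-1].split(" | ")]
    e = {"path": head, "company": None, "ver": "", "size": None, "date": None, "folder": fields[0] == "Folder"}
    m = None if e["folder"] else _FILE_RE.match(head)
    if m:
        e["path"], e["company"] = m.group("path"), m.group("company")
    for field in fields:
        key, _, value = (s.strip() for s in field.partition("="))
        if key == "Ver":
            e["ver"] = value
        elif key == "Size":
            e["size"] = int(value.split()[0])
        elif key.endswith("Date"):
            e["date"] = datetime.strptime(value, "%d/%m/%Y %H.%M.%S")
    return e

def random_name(stem):
    """Machine-generated look: exactly 8 lowercase letters with at most 2 vowels (assumed thresholds)."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in "aeiou" for c in stem) <= 2

def triage(log_text):
    """Return [(path, reasons)] for files worth a closer look, in log order."""
    findings = []
    for e in map(parse_entry, log_text.splitlines()):
        if not e or e["folder"]:
            continue
        directory, _, name = e["path"].rpartition("\\")
        stem, _, ext = name.rpartition(".")
        reasons = []
        if random_name(stem.lower()):
            reasons.append("random-looking 8-letter name")
        # Legitimate installers rarely leave an unversioned, unattributed executable in C:\ or drivers\.
        sensitive = directory.lower() == "c:" or directory.lower().endswith("\\drivers")
        if ext.lower() in EXEC_EXT and sensitive and not e["ver"] and not e["company"]:
            reasons.append("unversioned executable in " + directory)
        if reasons:
            findings.append((e["path"], reasons))
    return findings

def creation_bursts(log_text, window=timedelta(seconds=30), min_files=3):
    """Group executables created within `window` of one another: several
    unrelated-looking binaries appearing in one go is a dropper signature."""
    execs = [e for e in map(parse_entry, log_text.splitlines())
             if e and not e["folder"] and e["path"].rpartition(".")[2].lower() in EXEC_EXT]
    execs.sort(key=lambda e: e["date"])
    bursts, current = [], []
    for e in execs + [None]:  # the trailing None flushes the last group
        if e is not None and (not current or e["date"] - current[-1]["date"] <= window):
            current.append(e)
            continue
        if len(current) >= min_files:
            bursts.append([x["path"] for x in current])
        current = [e] if e else []
    return bursts
```

On the sample, `triage(SAMPLE_LOG)` flags the four random-named files plus chdir.bat and zip.exe, leaves aswmon.sys (versioned, attributed) and CCleaner.lnk (eight letters but vowel-rich) alone, and `creation_bursts(SAMPLE_LOG)` puts all six flagged files into one burst spanning 11 seconds.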

Post by triskell » Wed Apr 25, 2007 12:56 pm

I solved it by following instructions I found here.
From regedit I deleted the explorer.exe key where, in the right-hand pane, I had found the "suspect"; to delete it I had to force access.
To get the desktop back I then recreated the Shell string and re-entered the explorer.exe command: now I'm posting the hjack log.
I've already analysed it with the dedicated utility and uploaded to VirusTotal the entries that looked suspicious to me.
If there's anything else doubtful, let me know. Thanks a lot!
Logfile of HijackThis v1.97.7
Scan saved at 11.55.36, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Acer\Empowering Technology\admServ.exe
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\francesca\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://global.acer.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Programmi\File comuni\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADMTray.exe] "c:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41A754C1-2C1A-4E1D-BDAF-7A1826A9D22F}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{857FF76B-2845-4A4D-84A1-0DF2DB5B70B3}: NameServer = 193.70.192.15,193.70.152.25

Post by crazy.cat » Wed Apr 25, 2007 1:15 pm

There doesn't seem to be anything else, but you're using an old version of HijackThis
http://www.trendsecure.com/portal/en-US ... ckthis.php
we're up to version 2 now.

Post by triskell » Wed Apr 25, 2007 9:34 pm

Ah... oops! :)