
Bagle virus? Help, AVG, Kaspersky, task manag not working


Post by mf.mizzau » Tue Feb 05, 2008 12:21 pm

Hi, I think I've been infected with Bagle too: OS Windows 2000 Professional. From one day to the next the AVG icon disappeared. If I click on the AVG folder it is closed immediately. I can neither uninstall it nor reinstall it. I can't open web pages about AVG. Same for Kaspersky, so no online scan. elibagla, however, finds nothing. GMER first says it is impossible to run the scan because c:winnt/sistem32/config/ is in use. Then if I start a scan it closes immediately.
Help me. Bye

Post by ste_95 » Tue Feb 05, 2008 12:46 pm

«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Post by mf.mizzau » Tue Feb 05, 2008 1:22 pm

I can't disable System Restore because Windows 2000 doesn't have it. I can't run the Kaspersky online scan because if I open the web page of the Kaspersky site it closes it immediately. So should I perhaps do this?
"From these links you can download a modified copy of the two tools that withstood the variant of the virus I had available, Trojan-Downloader.Win32.Bagle.in

http://www.wikifortio.com/630243/AntiBagle.zip
http://www.mediafire.com/?fhm3pr2292r
http://w14.easy-share.com/1698235671.html
_________________"

Thanks, bye

Post by crazy.cat » Tue Feb 05, 2008 1:27 pm

Things get complicated if we have no data to work with.
Try using the modified HijackThis that you find at those links and let's see a scan from that program.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny masked as liberty.

Post by mf.mizzau » Thu Feb 14, 2008 9:46 am

Sorry for the delay, but I'm a bit slow. So, I can still get into safe mode:
this is the HijackThis log in safe mode:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.36.17, on 12/02/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/myfastpage/res/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE Assistant - {B08D32DE-64B2-4137-8345-87293E70D40B} - C:\WINNT\system32\iea.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Impostazioni video HP] C:\Programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [ESS Daemon] C:\WINNT\ESSD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKLM\..\Run: [Office Monitor] C:\WINNT\system32\alg32.exe
O4 - HKLM\..\RunServices: [] csm.exe
O4 - HKLM\..\RunServices: [Internets Messenger] imessengerss.exe
O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Security Center Notification Applse] C:\WINNT\system32\emm.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Image Transfer.lnk = C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://fww.finsiel.it/download/activex/ikcntrls.cab
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EnGenius Network Analysis Tool - Unknown owner - C:\WINNT\system32\dllcache\winegne.exe (file missing)
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\System32\HPConfig.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINNT\System32\dllcache\snchost.exe (file missing)
O23 - Service: Microsoft PowerPoint Application - Unknown owner - C:\WINNT\system32\dllcache\winppa.exe

--
End of file - 4162 bytes


and this is the GMER autostart log (in normal mode)



GMER 1.0.14.14116 - http://www.gmer.net
Autostart scan 2008-02-12 22:44:30
Windows 5.0.2195 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINNT\system32\userinit.exe, = C:\WINNT\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
igfxcui@DLLName = igfxsrvc.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Browser@ = %SystemRoot%\System32\services.exe
Dhcp@ = %SystemRoot%\System32\services.exe
dmserver@ = %SystemRoot%\System32\services.exe
Dnscache@ = %SystemRoot%\System32\services.exe
EnGenius Network Analysis Tool@ = "C:\WINNT\system32\dllcache\winegne.exe" /*file not found*/
Eventlog@ = %SystemRoot%\system32\services.exe
HPConfig@ = %SystemRoot%\System32\HPConfig.exe
lanmanserver@ = %SystemRoot%\System32\services.exe
lanmanworkstation@ = %SystemRoot%\System32\services.exe
LightScribeService@ = C:\Programmi\File comuni\LightScribe\LSSrvc.exe
LmHosts@ = %SystemRoot%\System32\services.exe
Microsoft Agent@ = "C:\WINNT\System32\dllcache\snchost.exe" /*file not found*/
Microsoft PowerPoint Application@ = "C:\WINNT\system32\dllcache\winppa.exe"
NtmsSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\services.exe
RemoteRegistry@ = %SystemRoot%\system32\regsvc.exe
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\system32\MSTask.exe
seclogon@ = %SystemRoot%\system32\services.exe
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
StiSvc@ = %systemroot%\system32\stisvc.exe
TrkWks@ = %SystemRoot%\system32\services.exe
WinMgmt@ = %SystemRoot%\System32\WBEM\WinMgmt.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@EssSpkPhoneessspk.exe = essspk.exe
@IgfxTrayC:\WINNT\System32\igfxtray.exe = C:\WINNT\System32\igfxtray.exe
@HotKeysCmdsC:\WINNT\System32\hkcmd.exe = C:\WINNT\System32\hkcmd.exe
@Synchronization Managermobsync.exe /logon = mobsync.exe /logon
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@PRPCMonitorPRPCUI.exe = PRPCUI.exe
@Impostazioni video HPC:\Programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe /s /*file not found*/ = C:\Programmi\Hewlett-Packard\HP Display Settings\hpdisply.exe /s /*file not found*/
@CP4HPOTC:\PROGRA~1\HPONE-~1\OneTouch.EXE = C:\PROGRA~1\HPONE-~1\OneTouch.EXE
@ESS DaemonC:\WINNT\ESSD.exe = C:\WINNT\ESSD.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@HPDJ Taskbar UtilityC:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe = C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
@NeroFilterCheckC:\WINNT\system32\NeroCheck.exe = C:\WINNT\system32\NeroCheck.exe
@ActiveScript32C:\WINNT\system32\nod.exe = C:\WINNT\system32\nod.exe
@Office MonitorC:\WINNT\system32\alg32.exe /*file not found*/ = C:\WINNT\system32\alg32.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices >>>
@csm.exe /*file not found*/ = csm.exe /*file not found*/
@Internets Messengerimessengerss.exe /*file not found*/ = imessengerss.exe /*file not found*/
@ActiveScript32C:\WINNT\system32\nod.exe = C:\WINNT\system32\nod.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@internat.exe = internat.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@Network.ConnectionTrayC:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTraystobject.dll = stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINNT\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*Estensione CPL PlusPack*/plustab.dll = plustab.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINNT\System32\hticons.dll = C:\WINNT\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINNT\System32\wshext.dll = C:\WINNT\System32\wshext.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINNT\system32\cryptext.dll = C:\WINNT\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Rete e connessioni remote*/C:\WINNT\system32\NETSHELL.dll = C:\WINNT\system32\NETSHELL.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINNT\System32\mstask.dll = C:\WINNT\System32\mstask.dll
@{1A9BA3A0-143A-11CF-8350-444553540000} /*Cartella Preferiti*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{20D04FE0-3AEA-1069-A2D8-08002B30309D} /*Risorse del computer*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{86747AC0-42A0-1069-A2E6-08002B30309D} /*Cartella Sincronia file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{0AFACED1-E828-11D1-9187-B532F1E9575D} /*Collegamento alla cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{12518493-00B2-11d2-9FA5-9E3420524153} /*Volume installato*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{21B22460-3AEA-1069-A2DC-08002B30309D} /*Estensione pagina proprietà file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{B091E540-83E3-11CF-A713-0020AFD79762} /*Pagina tipi di file*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{FBF23B41-E3F0-101B-8488-00AA003E56F8} /*Hook di tipi di file MIME*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{C2FBB630-2971-11d1-A18C-00C04FD75D13} /*Servizio CopyTo Microsoft*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{C2FBB631-2971-11d1-A18C-00C04FD75D13} /*Microsoft MoveTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{13709620-C279-11CE-A49E-444553540000} /*Servizio automazione della shell*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll
@{62112AA1-EBE4-11cf-A5FB-0020AFE7292D} /*Shell Automation Folder View*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{4622AD11-FF23-11d0-8D34-00A0C90F2719} /*Menu Avvio*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{7BA4C740-9E81-11CF-99D3-00AA004AE837} /*Microsoft SendTo Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{D969A300-E7FF-11d0-A93B-00A0C90F2719} /*Microsoft New Object Service*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{09799AFB-AD67-11d1-ABCD-00C04FC30936} /*Apri con gestore menu di scelta rapida*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{3FC0B520-68A9-11D0-8D77-00C04FD70822} /*Mostra estensioni HTML del Pannello di controllo*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{75048700-EF1F-11D0-9888-006097DEACF9} /*ActiveDesktop*/C:\WINNT\system32\shell32.dll = C:\WINNT\system32\shell32.dll
@{6D5313C0-8C62-11D1-B2CD-006097DF8C11} /*Estensione pagina proprietà Opzioni cartella*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{57651662-CE3E-11D0-8D77-00C04FC99D61} /*CmdFileIcon*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{4657278A-411B-11d2-839A-00C04FD918D0} /*Helper trascinamento selezione Shell*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{A470F8CF-A1E8-4f65-8335-227475AA5C46} /*Aggiungere l'elemento di crittografia al menu di scelta rapida in Esplora risorse*/%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{568804CA-CBD7-11d0-9816-00C04FD91972} /*Menu Shell Folder*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{5b4dae26-b807-11d0-9815-00c04fd91972} /*Menu Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8278F931-2A3E-11d2-838F-00C04FD918D0} /*Tracking Shell Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E13EF4E4-D2F2-11d0-9816-00C04FD91972} /*Menu Site*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4F-521C-11D0-B792-00A0C90312E1} /*Menu Desk Bar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{D82BE2B0-5764-11D0-A96E-00C04FD705A2} /*IShellFolderBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{0E5CBF21-D15F-11d0-8301-00AA005B4383} /*Co&llegamenti*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7487cd30-f71a-11d0-9ea7-00805f714772} /*Immagine di anteprima*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\System32\sendmail.dll = C:\WINNT\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINNT\System32\sendmail.dll = C:\WINNT\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{EAB841A0-9550-11CF-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{1AEB1360-5AFC-11D0-B806-00C04FD706EC} /*Programma di estrazione filtri grafici di Office in anteprima*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{9DBD2C50-62AD-11D0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{500202A0-731E-11D0-B829-00C04FD706EC} /*LNK file thumbnail interface delegator*/C:\WINNT\System32\thumbvw.dll = C:\WINNT\System32\thumbvw.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8C-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{fe1290f0-cfbd-11cf-a330-00aa00c16e65} /*Directory Namespace*/dsfolder.dll = dsfolder.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/dsfolder.dll = dsfolder.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/dsquery.dll = dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/dsquery.dll = dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/dsquery.dll = dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/dsuiext.dll = dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/dsuiext.dll = dsuiext.dll
@{450D8FBA-AD25-11D0-98A8-0800361B1103} /*MyDocs Folder*/mydocs.dll = mydocs.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/mydocs.dll = mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/mydocs.dll = mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/mydocs.dll = mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Menu file non in linea*/cscui.dll = cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Opzioni cartella File non in linea*/cscui.dll = cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/cscui.dll = cscui.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/mmcshext.dll = mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\olkfstub.dll = C:\Programmi\Microsoft Office\Office\olkfstub.dll
@{BB7DF450-F119-11CD-8465-00AA00425D90} /*Microsoft Access Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\soa800.dll = C:\Programmi\Microsoft Office\Office\soa800.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\office\UNBIND.DLL = C:\Programmi\Microsoft Office\office\UNBIND.DLL
@{E0D79300-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{E0D79301-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{E0D79302-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
WinZip@{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinZip@{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
WinZip@{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{B08D32DE-64B2-4137-8345-87293E70D40B}C:\WINNT\system32\iea.dll = C:\WINNT\system32\iea.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\system32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.fastweb.it/myfastpage/res/ = http://www.fastweb.it/myfastpage/res/
@Local PageC:\WINNT\System32\blank.htm = C:\WINNT\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINNT\system32\urlmon.dll
deflate@CLSID = C:\WINNT\system32\urlmon.dll
gzip@CLSID = C:\WINNT\system32\urlmon.dll
lzdhtml@CLSID = C:\WINNT\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\shell32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINNT\system32\urlmon.dll
file@CLSID = C:\WINNT\system32\urlmon.dll
ftp@CLSID = C:\WINNT\system32\urlmon.dll
gopher@CLSID = C:\WINNT\system32\urlmon.dll
http@CLSID = C:\WINNT\system32\urlmon.dll
https@CLSID = C:\WINNT\system32\urlmon.dll
its@CLSID = C:\WINNT\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
local@CLSID = C:\WINNT\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINNT\system32\urlmon.dll
ms-its@CLSID = C:\WINNT\System32\itss.dll
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
vnd.ms.radio@CLSID = C:\WINNT\System32\msdxm.ocx

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\rnr20.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\msafd.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@PackedCatalogItem = %SystemRoot%\system32\msafd.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio Office.lnk = Avvio Office.lnk
Ricerca rapida.lnk = Ricerca rapida.lnk
Image Transfer.lnk = Image Transfer.lnk

---- EOF - GMER 1.0.14 ----

Finally, the GMER log in normal mode, in the rootkit folder, with the System box unchecked and Show all requested (if I leave them all selected, GMER closes and the PC restarts).


GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-12 23:01:51
Windows 5.0.2195 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 80402584 1 Byte [ 90 ]
.text ntoskrnl.exe!KiDispatchInterrupt + 1DE 8040436A 18 Bytes [ E0, 25, 7F, FF, FF, FF, 0F, ... ]
.text ntoskrnl.exe!KiDispatchInterrupt + 1F6 80404382 1 Byte [ 00 ]
.text hal.dll!KeStallExecutionProcessor + 926 80063AD2 12 Bytes [ 08, 60, 1F, 38, 14, 07, FE, ... ]
.text hal.dll!KeStallExecutionProcessor + 934 80063AE0 2 Bytes [ 1F, 38 ]
.text hal.dll!KeStallExecutionProcessor + 938 80063AE4 6 Bytes [ 1F, 38, 14, 07, FE, 37 ]
.text hal.dll!KeStallExecutionProcessor + 93F 80063AEB 2 Bytes [ 14, 07 ]
.text hal.dll!KeStallExecutionProcessor + 942 80063AEE 3 Bytes [ 89, 3B, 05 ]
.text ...
.text ntdll.dll!NtClose 784628C8 5 Bytes JMP 72049770
.text ntdll.dll!NtWriteFile 78463313 5 Bytes JMP 7204A3D0
.text ntdll.dll!NtCreateKey 78464EC0 5 Bytes JMP 7204ADA0
.text ntdll.dll!NtSetValueKey 78464EDC 5 Bytes JMP 7204AD10
.text ntdll.dll!NtCreateSection 78465EB0 5 Bytes JMP 72049A40
.text ntdll.dll!NtCreateFile 78467CAC 5 Bytes JMP 7204A570
.text ntdll.dll!NtCreateProcess 78472362 5 Bytes JMP 7204AE30
.text ntdll.dll!NtLoadDriver 78479E38 5 Bytes JMP 7204A1E0

---- User code sections - GMER 1.0.14 ----

Themida Sections: C:\WINNT\system32\dllcache\winppa.exe[560] C:\WINNT\system32\dllcache\winppa.exe entry point in "Themida " section [0x00414014]
Themida Sections: C:\WINNT\system32\dllcache\winppa.exe[560] C:\WINNT\system32\dllcache\winppa.exe unknown last section [0x00414000, 0x101000, 0xC0000040]
.text E:\Gmer\gmer.exe[844] gmer.dll!StartApp + 4920 72045E30 10 Bytes [ 55, 8B, EC, 6A, FF, E9, 58, ... ]
.text E:\Gmer\gmer.exe[844] gmer.dll!StartApp + 493F 72045E4F 11 Bytes [ 05, 55, 8B, EC, 6A, FF, E9, ... ]
.text E:\Gmer\gmer.exe[844] gmer.dll!StartApp + 495F 72045E6F 11 Bytes [ 05, 55, 8B, EC, 51, 53, E9, ... ]
.text E:\Gmer\gmer.exe[844] gmer.dll!StartApp + 497F 72045E8F 11 Bytes [ 05, 55, 8B, EC, 51, 53, E9, ... ]
.text E:\Gmer\gmer.exe[844] gmer.dll!StartApp + 499F 72045EAF 12 Bytes [ 05, 55, 8B, EC, 83, EC, 28, ... ]
.text ...
.data Sections: C:\WINNT\essspk.exe[1004] C:\WINNT\essspk.exe unknown last section [0x0040A000, 0x2E78, 0xC0000040]
UPX1 Sections: C:\WINNT\system32\nod.exe[1220] C:\WINNT\system32\nod.exe entry point in "UPX1" section [0x00479860]


Post by crazy.cat » Thu Feb 14, 2008 10:02 am

The title should be changed to "not just Bagle": other very suspicious files are visible, not to say viruses.
O4 - HKLM\..\Run: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKLM\..\Run: [Office Monitor] C:\WINNT\system32\alg32.exe
O4 - HKLM\..\RunServices: [] csm.exe
O4 - HKLM\..\RunServices: [Internets Messenger] imessengerss.exe
O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKUS\.DEFAULT\..\Run: [Windows Security Center Notification Applse] C:\WINNT\system32\emm.exe (User 'Default user')
O23 - Service: Microsoft PowerPoint Application - Unknown owner - C:\WINNT\system32\dllcache\winppa.exe

Given how many problems there are, I would go for formatting the PC, but if you really want to save the installation, try running a few scans first, perhaps from Safe Mode, with these antivirus tools, and we'll see whether they remove anything.
http://www.MegaLab.it/2333
http://www.MegaLab.it/2349

To remove Bagle we need the online scan; otherwise there is no way out of this.

Post by ste_95 » Thu Feb 14, 2008 1:22 pm

I'd point out two more malicious entries:

C:\WINNT\system32\dllcache\winegne.exe (file missing)
C:\WINNT\System32\dllcache\snchost.exe (file missing)
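A cross-check of the two logs quoted in this thread, as an added example (not code from any poster, nor from HijackThis or GMER): it parses the HijackThis O4/O23 lines listed by crazy.cat and the GMER "Sections" findings, then ranks each autorun entry. The flagging rules (empty value name, no full path, image under dllcache, unknown service owner) and all function names are assumptions chosen for this illustration.

```python
import re
import ntpath  # splits Windows paths correctly on any OS

# Lines copied from the HijackThis excerpt and the GMER log quoted in this thread.
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKLM\..\Run: [Office Monitor] C:\WINNT\system32\alg32.exe
O4 - HKLM\..\RunServices: [] csm.exe
O4 - HKLM\..\RunServices: [Internets Messenger] imessengerss.exe
O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINNT\system32\nod.exe
O4 - HKUS\.DEFAULT\..\Run: [Windows Security Center Notification Applse] C:\WINNT\system32\emm.exe (User 'Default user')
O23 - Service: Microsoft PowerPoint Application - Unknown owner - C:\WINNT\system32\dllcache\winppa.exe
""".strip().splitlines()

GMER_LINES = r"""
Themida Sections: C:\WINNT\system32\dllcache\winppa.exe[560] C:\WINNT\system32\dllcache\winppa.exe entry point in "Themida " section [0x00414014]
Themida Sections: C:\WINNT\system32\dllcache\winppa.exe[560] C:\WINNT\system32\dllcache\winppa.exe unknown last section [0x00414000, 0x101000, 0xC0000040]
.data Sections: C:\WINNT\essspk.exe[1004] C:\WINNT\essspk.exe unknown last section [0x0040A000, 0x2E78, 0xC0000040]
UPX1 Sections: C:\WINNT\system32\nod.exe[1220] C:\WINNT\system32\nod.exe entry point in "UPX1" section [0x00479860]
""".strip().splitlines()

O4_RE = re.compile(
    r"^O4 - (?P<where>.+?): \[(?P<name>.*?)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
GMER_RE = re.compile(
    r'^\S+ Sections: (?P<path>.+?)\[\d+\] .*?'
    r'(?P<finding>entry point in ".*?" section|unknown last section)')


def gmer_section_findings(lines):
    """Map lower-cased image path -> section anomalies GMER reported for it."""
    findings = {}
    for line in lines:
        m = GMER_RE.match(line.strip())
        if m:
            findings.setdefault(m["path"].lower(), []).append(m["finding"])
    return findings


def parse_autoruns(lines):
    """Return one dict per HijackThis O4 (Run key) or O23 (service) line."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip()) or O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry.setdefault("where", "Service")  # O23 has no registry location
            entry.setdefault("owner", None)       # O4 has no owner field
            entries.append(entry)
    return entries


def triage(hjt_lines, gmer_lines):
    """Rank autoruns by how many (assumed) warning signs each one shows."""
    packed = gmer_section_findings(gmer_lines)
    rows = []
    for e in parse_autoruns(hjt_lines):
        cmd = e["cmd"]
        reasons = []
        if not e["name"]:
            reasons.append("empty value name")
        if not ntpath.dirname(cmd):
            reasons.append("no full path")
        if "\\dllcache\\" in cmd.lower():
            reasons.append("runs from dllcache")
        if e["owner"] and e["owner"].lower() == "unknown owner":
            reasons.append("unknown service owner")
        # Correlate with GMER: same image reported with a packer/odd section.
        reasons += ["GMER: " + f for f in packed.get(cmd.lower(), [])]
        rows.append((cmd, e["where"], reasons))
    rows.sort(key=lambda r: -len(r[2]))  # stable: ties keep log order
    return rows


def unlisted_packed(hjt_lines, gmer_lines):
    """GMER-flagged images that no parsed autorun entry points at."""
    started = {e["cmd"].lower() for e in parse_autoruns(hjt_lines)}
    return sorted(set(gmer_section_findings(gmer_lines)) - started)


if __name__ == "__main__":
    for cmd, where, reasons in triage(HIJACKTHIS_LINES, GMER_LINES):
        print(f"{len(reasons)}  {cmd}  [{where}]  {'; '.join(reasons) or '-'}")
    print("flagged by GMER, no autorun in excerpt:",
          unlisted_packed(HIJACKTHIS_LINES, GMER_LINES))
```

alg32.exe and emm.exe come back with no flags even though crazy.cat lists them as suspicious: the rules rank entries for review, they do not clear them.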


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009; publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising