Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Sospetto dialer

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Sospetto dialer

Messaggioda CarDependant » mar ott 28, 2008 8:11 pm

Il PC va bene, nessun rallentamento particolare o altro, però ogni tanto mi appare una finestra con scritto "Vuoi connetterti ancora?" con i pulsanti Sì e No, e quando apro Internet Explorer trovo la homepage modificata e sul desktop appare un icona particolare, a volte Antivir mi segnalava dei dialer e io cliccavo su "Cancella", insomma temo un infezione nel mio PC, vi posto subito il log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.11.42, on 28/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
D:\uTorrent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Carmelo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: ASUS
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2365094468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2365240234
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carmelino1988.spaces.live.com/Ph ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EC4A510-99DA-406D-9E01-783B719E81EB}: NameServer = 193.12.150.2 212.247.152.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7565 bytes
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda gioia271965 » mar ott 28, 2008 8:21 pm

Prova a fare una scansione con Malwarebites' Anti-Malware. Io ho eliminato un trojan che neppre l'antivirus identificava...magari ti aiuta...
"Nulla di finito, nemmeno l'intero mondo, può soddisfare l'animo umano che sente il bisogno dell'eterno"
Avatar utente
gioia271965
Silver Member
Silver Member
 
Messaggi: 1422
Iscritto il: ven ott 24, 2008 9:40 am
Località: Taranto

Re: Sospetto dialer

Messaggioda ste_95 » mar ott 28, 2008 9:42 pm

Il log è pulito.

Scarica GMER, poi segui i seguenti passaggi:

--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.

--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Re: Sospetto dialer

Messaggioda CarDependant » mar ott 28, 2008 11:12 pm

Log GMER Autostart:

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-10-28 22:55:14
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32\guard32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe"
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CLCapSvc@ = "C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" #? ( `?? p?? p?? ???|@???????m??|???| ? ??????|
CLSched@ = "C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" n e m a \ K e r n e l \ T V \ C L C a p S v c . e x e Dâ
cmdAgent@ = "C:\Programmi\COMODO\Firewall\cmdagent.exe"
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
MDM@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
PlugPlay@ = %SystemRoot%\system32\services.exe
Pml Driver HPZ12@ = C:\WINDOWS\system32\HPZipm12.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry@ = %SystemRoot%\system32\svchost.exe -k LocalService
RichVideo@ = "C:\Programmi\Cyberlink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SLService@ = slserv.exe
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf@ = C:\WINDOWS\system32\wdfmgr.exe
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@COMODO Firewall Pro"C:\Programmi\COMODO\Firewall\cfp.exe" -h = "C:\Programmi\COMODO\Firewall\cfp.exe" -h
@PCMService"C:\Programmi\CyberLink\PowerCinema\PCMService.exe" = "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
@RemoteControlC:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe = C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
@avgnt"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
@HP Software UpdateC:\Programmi\HP\HP Software Update\HPWuSchd2.exe = C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
RunOnce@Malwarebytes' Anti-Malware = C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@DAEMON Tools Lite"C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun = "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
@MsnMsgr"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background = "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Gadwin PrintScreenC:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash /*file not found*/ = C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Programmi\Windows Live\Mail\mailcomm.dll = C:\Programmi\Windows Live\Mail\mailcomm.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*SnagIt*/C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll /*file not found*/ = C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll /*file not found*/
@{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll /*file not found*/ = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll /*file not found*/
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redi ... ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
wlmailhtml@CLSID = C:\Programmi\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Alice ti aiuta.lnk = Alice ti aiuta.lnk
ASUS = ASUS
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.14 ----


Il link del log Rootkit su MegaUpload:

http://www.megaupload.com/?d=1679W70J

Su Rootkit ho scansionato solo la partizione principale del Hd, quella cioè dove ho installato il Sistema Operativo.
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda ste_95 » mer ott 29, 2008 6:47 am

Nel tuo sistema trovi un file del genere, magari entrando in modalità provvisoria?

C:\WINDOWS\System32\Drivers\ad8jh10g.SYS

Se lo trovi, fallo scansionare a VirusTotal.com. Per il resto non ci ho visto nulla, e mi sembrerebbe strano che con barricate del genere ti fosse passato qualcosa.

AL più, prova a fare una scansione con Malwarebites' Anti-Malware.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Sospetto dialer

Messaggioda CarDependant » mer ott 29, 2008 12:06 pm

-Come si avvia in modalità provvisoria? L'ho dimenticato non lo faccio da tempo

-Quel file non l'ho trovato sul pc, forse si vede solo in modalità provvisoria.

-Barricate? Ho solo Antivir, SpywareBlaster e Comodo Firewall, non ho messo altri programmi perché sennò mi rallentava troppo il PC...
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » mer ott 29, 2008 1:12 pm

Prova a cercare quel file dopo aver abilitato nelle Opzioni cartella la visualizzazione dei file nascosti e di sistema.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: Sospetto dialer

Messaggioda CarDependant » ven nov 21, 2008 1:43 pm

Amantide ha scritto:Prova a cercare quel file dopo aver abilitato nelle Opzioni cartella la visualizzazione dei file nascosti e di sistema.


Fatto, non trova quel file, cosa faccio adesso?
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » ven nov 21, 2008 2:55 pm

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: Sospetto dialer

Messaggioda CarDependant » ven nov 21, 2008 3:44 pm

Amantide ha scritto:Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.


Log scansione ComboFix:

ComboFix 08-11-20.02 - Carmelo 2008-11-21 15.56.21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.440 [GMT 1:00]
Eseguito da: c:\documents and settings\Carmelo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Creati Da 2008-10-21 al 2008-11-21 )))))))))))))))))))))))))))))))))))
.

2008-11-19 18:24 . 2008-11-19 18:24 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\vlc
2008-11-18 23:07 . 2008-11-18 23:07 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Gearbox Software
2008-11-18 22:58 . 2008-11-18 23:00 <DIR> d-------- c:\programmi\Ubisoft
2008-11-15 19:42 . 2008-11-21 15:59 <DIR> d-------- c:\programmi\PeerGuardian2
2008-11-14 11:39 . 2008-11-14 11:39 22,368 --a------ c:\documents and settings\Carmelo\hcsngcvi.exe
2008-11-14 11:31 . 2008-11-14 11:31 22,368 --a------ c:\documents and settings\Carmelo\ravpccub.exe
2008-11-14 11:31 . 2008-11-14 11:31 22,368 --a------ c:\documents and settings\Carmelo\koiogdqs.exe
2008-11-14 11:31 . 2008-11-14 11:31 22,368 --a------ c:\documents and settings\Carmelo\feuzheej.exe
2008-11-14 09:55 . 2008-11-14 09:55 22,368 --a------ c:\documents and settings\Carmelo\tmxkhgsf.exe
2008-11-13 17:37 . 2008-11-13 17:37 <DIR> d-------- c:\programmi\BearShare Applications
2008-11-13 17:37 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-13 16:04 . 2008-11-13 16:04 22,368 --a------ c:\documents and settings\Carmelo\ciwcihoj.exe
2008-11-13 13:38 . 2008-11-13 13:38 22,368 --a------ c:\documents and settings\Carmelo\seeqmpwu.exe
2008-11-13 13:15 . 2008-11-13 13:15 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Ashampoo
2008-11-13 13:11 . 2008-11-13 13:11 <DIR> d-------- c:\programmi\Ashampoo
2008-11-13 13:11 . 2008-06-02 13:10 1,363,968 --a------ c:\windows\system32\HDX4H263Decoder.ax
2008-11-13 13:11 . 2008-06-02 13:10 167,936 --a------ c:\windows\system32\HDX4FlashDemuxer.ax
2008-11-12 19:02 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:56 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 18:34 . 2008-11-12 18:34 <DIR> d-------- c:\programmi\Lame MP3 Codec
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\programmi\Samsung
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\InstallShield
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\DataCast
2008-11-08 20:36 . 2008-11-08 20:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2008-11-08 11:50 . 2008-11-08 11:50 268 --ah----- C:\sqmdata05.sqm
2008-11-08 11:50 . 2008-11-08 11:50 244 --ah----- C:\sqmnoopt05.sqm
2008-11-08 00:31 . 2008-11-08 00:31 268 --ah----- C:\sqmdata04.sqm
2008-11-08 00:31 . 2008-11-08 00:31 244 --ah----- C:\sqmnoopt04.sqm
2008-11-03 12:31 . 2008-11-03 12:54 <DIR> d-------- c:\programmi\My.Freeze.com NetAssistant
2008-11-02 20:54 . 2008-11-13 17:36 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\LimeWire
2008-10-28 22:46 . 2008-10-28 22:54 250 --a------ c:\windows\gmer.ini
2008-10-28 20:29 . 2008-10-28 20:29 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-10-28 20:29 . 2008-10-28 20:29 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Malwarebytes
2008-10-28 20:29 . 2008-10-28 20:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-28 20:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-28 20:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-28 18:41 . 2008-10-28 18:41 22,368 --a------ c:\documents and settings\Carmelo\szzvgwtn.exe
2008-10-28 14:46 . 2008-10-28 14:46 22,368 --a------ c:\documents and settings\Carmelo\cswjoely.exe
2008-10-24 08:48 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 17:37 . 2008-10-23 17:37 <DIR> d-------- c:\programmi\Gadwin Systems
2008-10-22 23:15 . 2008-10-22 23:15 <DIR> d-------- c:\programmi\YouTube Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 14:56 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\uTorrent
2008-11-18 19:44 99,216 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-18 19:44 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-18 19:44 143,096 ----a-w c:\windows\system32\guard32.dll
2008-11-17 11:35 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Image Zone Express
2008-11-12 17:34 65,024 ----a-w c:\windows\IFinst26.exe
2008-11-12 17:33 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 22:13 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Corel
2008-10-19 22:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Corel
2008-10-19 19:49 88 --sh--r c:\documents and settings\All Users\Dati applicazioni\52B884B868.sys
2008-10-19 19:49 2,828 --sha-w c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2008-10-18 23:55 --------- d-----w c:\programmi\Unlocker
2008-10-18 20:30 --------- d-----w c:\programmi\Java
2008-10-17 10:05 --------- d-----w c:\programmi\HP
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 13:03 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Windows Live Writer
2008-10-08 18:28 --------- d-----w c:\programmi\Riva
2008-10-08 18:28 --------- d-----w c:\programmi\File comuni\SWF Studio
2008-10-07 13:39 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\OpenOffice.org2
2008-10-01 09:59 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\HP
2008-10-01 09:58 --------- d-----w c:\programmi\File comuni\HP
2008-10-01 09:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\HP
2008-10-01 09:57 --------- d-----w c:\programmi\Hewlett-Packard
2008-10-01 09:56 --------- d-----w c:\programmi\File comuni\Hewlett-Packard
2008-10-01 09:29 --------- d-----w c:\programmi\Avira
2008-10-01 09:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-09-30 23:18 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-09-30 23:17 --------- d-----w c:\programmi\SpywareBlaster
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-09-29 15:53 --------- d-----w c:\programmi\ASUS
2008-09-29 15:52 3,072 ----a-w c:\windows\system32\34CoInstaller.dll
2008-09-29 15:52 2,831,232 ----a-w c:\windows\system32\drivers\3xHybrid.sys
2008-09-29 15:52 13,824 ----a-w c:\windows\system32\Ph3xIB32MV.dll
2008-09-29 15:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CyberLink
2008-09-29 15:11 --------- d-----w c:\programmi\Foxit Software
2008-09-27 23:51 --------- d-----w c:\programmi\File comuni\Java
2008-09-27 22:03 --------- d-----w c:\programmi\Windows Live
2008-09-27 21:57 --------- d-----w c:\programmi\VideoLAN
2008-09-25 23:59 --------- d-----w c:\programmi\MSXML 4.0
2008-09-25 22:05 --------- d-----w c:\programmi\Messenger Plus! Live
2008-09-25 21:59 --------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2008-09-25 21:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-09-25 18:51 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\CyberLink
2008-09-25 18:48 --------- d-----w c:\programmi\Cyberlink
2008-09-25 18:15 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-09-25 17:29 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Media Player Classic
2008-09-25 17:26 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-09-25 17:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\comodo
2008-09-25 16:59 --------- d-----w c:\programmi\COMODO
2008-09-25 16:59 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Comodo
2008-09-25 11:12 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Sports Interactive
2008-09-25 11:03 --------- d--h--w c:\programmi\Zero G Registry
2008-09-25 11:02 --------- d-----w c:\programmi\Sports Interactive
2008-09-25 10:55 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-09-25 10:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-25 10:52 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\DAEMON Tools
2008-09-25 10:04 155,995 ----a-w c:\windows\java\Packages\U1FHBVP7.ZIP
2008-09-25 10:04 --------- d-----w c:\programmi\Motive
2008-09-25 10:04 --------- d-----w c:\programmi\Common Files
2008-09-25 10:04 --------- d-----w c:\programmi\Alice ti aiuta
2008-09-25 10:04 --------- d-----w c:\programmi\Aethra
2008-09-25 10:03 --------- d-----w c:\programmi\Telecom Italia
2008-09-25 10:03 --------- d-----w c:\programmi\File comuni\InstallShield
2008-09-25 09:53 --------- d-----w c:\programmi\MarkAny
2008-09-25 09:35 --------- d-----w c:\programmi\Realtek AC97
2008-09-25 09:32 --------- d-----w c:\programmi\NVIDIA
2008-09-25 09:19 --------- d-----w c:\programmi\microsoft frontpage
2008-09-25 09:18 --------- d-----w c:\programmi\Servizi in linea
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"uTorrent"="D:\uTorrent.exe" [2008-10-08 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"CnxTrApp"="c:\programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 247296]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-18 1796856]
"PCMService"="c:\programmi\CyberLink\PowerCinema\PCMService.exe" [2006-11-08 151552]
"RemoteControl"="c:\programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-18 1796856]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\programmi\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-09-25 212992]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\programmi\ASUS\ASUS Splendid\ASUSplendid.exe [2008-09-29 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Programmi\\Cyberlink\\PowerCinema\\PCMService.exe"=
"d:\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Carmelo\\Desktop\\eMule0.49b\\eMule0.49b\\emule.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-25 99216]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-25 31504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-05-03 2831232]

*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Carmelo\Dati applicazioni\Mozilla\Firefox\Profiles\cn7trz7e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.google.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 15:59:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: c:\windows\system32\winlogon.exe
-> c:\windows\system32\guard32.dll

PROCESSO: c:\windows\system32\lsass.exe
-> c:\windows\system32\guard32.dll
.
Ora fine scansione: 2008-11-21 15.59.48
ComboFix-quarantined-files.txt 2008-11-21 14:59:45

Pre-Run: 67.893.755.904 byte disponibili
Post-Run: 68,459,401,216 byte disponibili

248 --- E O F --- 2008-11-18 23:47:44
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » ven nov 21, 2008 10:22 pm

Scarica The Avenger, estrailo in una cartella ed avvia il file avenger.exe.
Incolla il seguente spript nello spazio bianco sotto alla voce Input script here, togli la spunta alla voce Scan for rootkits e clicca su Execute.

Codice: Seleziona tutto
Files to delete:
c:\documents and settings\Carmelo\hcsngcvi.exe
c:\documents and settings\Carmelo\ravpccub.exe
c:\documents and settings\Carmelo\koiogdqs.exe
c:\documents and settings\Carmelo\feuzheej.exe
c:\documents and settings\Carmelo\tmxkhgsf.exe
c:\documents and settings\Carmelo\ciwcihoj.exe
c:\documents and settings\Carmelo\seeqmpwu.exe
c:\documents and settings\Carmelo\szzvgwtn.exe
c:\documents and settings\Carmelo\cswjoely.exe
c:\documents and settings\All Users\Dati applicazioni\52B884B868.sys


Il pc dovrebbe riavviarsi, se così non fosse, riavvialo manualmente.
Al riavvio dovrebbe apparire il log avenger.txt, posta qui il suo contenuto.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: Sospetto dialer

Messaggioda CarDependant » sab nov 22, 2008 3:44 pm

Ora eseguo tutto, ma per curiosità il mio PC è stato infettato dal Bagle?

Ecco qua il log di Avenger, però al riavvio m'e comparso un altro avviso virus di Antivir con un .exe casuale:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\documents and settings\Carmelo\hcsngcvi.exe" deleted successfully.
File "c:\documents and settings\Carmelo\ravpccub.exe" deleted successfully.
File "c:\documents and settings\Carmelo\koiogdqs.exe" deleted successfully.
File "c:\documents and settings\Carmelo\feuzheej.exe" deleted successfully.
File "c:\documents and settings\Carmelo\tmxkhgsf.exe" deleted successfully.
File "c:\documents and settings\Carmelo\ciwcihoj.exe" deleted successfully.
File "c:\documents and settings\Carmelo\seeqmpwu.exe" deleted successfully.
File "c:\documents and settings\Carmelo\szzvgwtn.exe" deleted successfully.

Error: file "c:\documents and settings\Carmelo\cswjoely.exe" not found!
Deletion of file "c:\documents and settings\Carmelo\cswjoely.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\documents and settings\All Users\Dati applicazioni\52B884B868.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » sab nov 22, 2008 7:15 pm

CarDependant ha scritto:Ora eseguo tutto, ma per curiosità il mio PC è stato infettato dal Bagle?

No.

però al riavvio m'e comparso un altro avviso virus di Antivir con un .exe casuale:

Fai la scansione completa con Kaspersky online ed allega qui il report della scansione.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: Sospetto dialer

Messaggioda CarDependant » sab nov 22, 2008 8:30 pm

E cosa m'è entrato allora?
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » sab nov 22, 2008 10:02 pm

CarDependant ha scritto:E cosa m'è entrato allora?

Se ci tieni proprio di saperlo, in C:\ c'è la cartella Avenger dove sono stati spostati i file rimossi. Caricali su www.virustotal.com e vedrai di cosa si trattava.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: Sospetto dialer

Messaggioda CarDependant » ven dic 12, 2008 4:33 pm

Ho voluto dare un'altra ripassata con ComboFix, ecco il log:

ComboFix 08-12-09.03 - Carmelo 2008-12-12 16.26.14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.571 [GMT 1:00]
Eseguito da: c:\documents and settings\Carmelo\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Windows Live\Messenger\msimg32.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-11-12 al 2008-12-12 )))))))))))))))))))))))))))))))))))
.

2008-12-12 15:59 . 2008-10-16 21:04 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-12 15:59 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-12 15:59 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-12 15:59 . 2008-10-16 21:04 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-12 15:59 . 2008-10-16 21:04 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-12 15:59 . 2008-10-16 21:04 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-12 15:59 . 2008-10-16 21:04 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-12 15:59 . 2008-10-16 21:04 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-12 15:59 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-10 21:46 . 2008-12-10 21:46 <DIR> dr-h----- c:\documents and settings\Carmelo\Dati applicazioni\SecuROM
2008-12-10 21:46 . 2008-12-10 21:46 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-08 00:59 . 2008-12-08 00:59 244 --ah----- C:\sqmnoopt19.sqm
2008-12-08 00:59 . 2008-12-08 00:59 244 --ah----- C:\sqmnoopt18.sqm
2008-12-08 00:59 . 2008-12-08 00:59 244 --ah----- C:\sqmnoopt17.sqm
2008-12-08 00:59 . 2008-12-08 00:59 232 --ah----- C:\sqmdata19.sqm
2008-12-08 00:59 . 2008-12-08 00:59 232 --ah----- C:\sqmdata18.sqm
2008-12-08 00:59 . 2008-12-08 00:59 232 --ah----- C:\sqmdata17.sqm
2008-12-08 00:58 . 2008-12-08 00:58 244 --ah----- C:\sqmnoopt16.sqm
2008-12-08 00:58 . 2008-12-08 00:58 244 --ah----- C:\sqmnoopt15.sqm
2008-12-08 00:58 . 2008-12-08 00:58 232 --ah----- C:\sqmdata16.sqm
2008-12-08 00:58 . 2008-12-08 00:58 232 --ah----- C:\sqmdata15.sqm
2008-12-07 19:32 . 2008-12-07 19:32 24,928 --a------ c:\documents and settings\Carmelo\agczxpzh.exe
2008-12-07 19:04 . 2008-12-07 19:04 <DIR> d-------- c:\programmi\File comuni\PCSuite
2008-12-07 19:04 . 2008-12-07 19:04 <DIR> d-------- c:\programmi\File comuni\Nokia
2008-12-07 19:03 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-07 19:03 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-07 19:03 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-07 19:03 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-07 19:03 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-07 14:28 . 2008-12-07 14:28 268 --ah----- C:\sqmdata14.sqm
2008-12-07 14:28 . 2008-12-07 14:28 244 --ah----- C:\sqmnoopt14.sqm
2008-12-07 01:34 . 2008-04-13 11:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-07 01:34 . 2008-04-13 11:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-07 01:33 . 2008-12-12 16:06 1,393 --a------ c:\windows\imsins.BAK
2008-12-07 01:33 . 2008-12-07 01:33 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-07 01:33 . 2008-12-07 01:33 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-07 01:25 . 2008-12-07 01:34 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\PC Suite
2008-12-07 01:25 . 2008-12-07 01:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-12-07 01:24 . 2008-12-07 01:41 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Nokia
2008-12-07 01:23 . 2008-12-07 01:23 <DIR> d-------- c:\programmi\PC Connectivity Solution
2008-12-07 01:23 . 2008-12-07 19:04 <DIR> d-------- c:\programmi\Nokia
2008-12-07 01:23 . 2008-12-07 01:23 <DIR> d-------- c:\programmi\DIFX
2008-12-07 01:23 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-07 01:23 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-07 01:21 . 2008-12-07 19:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-07 00:56 . 2008-12-07 00:56 244 --ah----- C:\sqmnoopt13.sqm
2008-12-07 00:56 . 2008-12-07 00:56 232 --ah----- C:\sqmdata13.sqm
2008-12-07 00:52 . 2008-12-08 17:52 268 --ah----- C:\sqmdata12.sqm
2008-12-07 00:52 . 2008-12-08 17:52 244 --ah----- C:\sqmnoopt12.sqm
2008-12-07 00:51 . 2008-12-08 15:00 268 --ah----- C:\sqmdata11.sqm
2008-12-07 00:51 . 2008-12-08 15:00 244 --ah----- C:\sqmnoopt11.sqm
2008-12-07 00:51 . 2008-12-08 01:05 244 --ah----- C:\sqmnoopt10.sqm
2008-12-07 00:51 . 2008-12-08 01:05 232 --ah----- C:\sqmdata10.sqm
2008-12-07 00:50 . 2008-12-08 01:03 244 --ah----- C:\sqmnoopt09.sqm
2008-12-07 00:50 . 2008-12-08 01:03 244 --ah----- C:\sqmnoopt08.sqm
2008-12-07 00:50 . 2008-12-08 01:03 232 --ah----- C:\sqmdata09.sqm
2008-12-07 00:50 . 2008-12-08 01:03 232 --ah----- C:\sqmdata08.sqm
2008-12-07 00:49 . 2008-12-08 01:03 244 --ah----- C:\sqmnoopt07.sqm
2008-12-07 00:49 . 2008-12-08 01:02 244 --ah----- C:\sqmnoopt06.sqm
2008-12-07 00:49 . 2008-12-08 01:03 232 --ah----- C:\sqmdata07.sqm
2008-12-07 00:49 . 2008-12-08 01:02 232 --ah----- C:\sqmdata06.sqm
2008-12-02 19:10 . 2008-12-02 19:10 <DIR> d-------- c:\programmi\Google Hacks
2008-12-02 14:59 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-01 20:38 . 2008-12-01 20:38 <DIR> d-------- c:\programmi\MSECache
2008-11-30 15:38 . 2008-11-30 15:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Age of Empires 3
2008-11-30 15:30 . 2008-11-30 15:30 <DIR> d-------- c:\programmi\Microsoft Games
2008-11-29 12:48 . 2008-11-29 12:48 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\vlc
2008-11-27 12:30 . 2008-11-27 12:30 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2008-11-27 12:25 . 2008-11-27 12:25 <DIR> d-------- c:\programmi\Sierra
2008-11-24 19:59 . 2008-11-24 20:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-11-24 19:41 . 2008-12-05 12:42 <DIR> d-------- c:\programmi\Sports Interactive
2008-11-21 18:55 . 2008-11-21 18:55 <DIR> d-------- c:\programmi\CCleaner
2008-11-18 23:07 . 2008-11-28 20:31 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Gearbox Software
2008-11-15 19:42 . 2008-12-09 12:42 <DIR> d-------- c:\programmi\PeerGuardian2
2008-11-13 17:37 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-13 13:15 . 2008-11-13 13:15 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\Ashampoo
2008-11-13 13:11 . 2008-11-13 13:11 <DIR> d-------- c:\programmi\Ashampoo
2008-11-13 13:11 . 2008-06-02 13:10 1,363,968 --a------ c:\windows\system32\HDX4H263Decoder.ax
2008-11-13 13:11 . 2008-06-02 13:10 167,936 --a------ c:\windows\system32\HDX4FlashDemuxer.ax
2008-11-12 19:02 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:56 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 18:34 . 2008-11-12 18:34 <DIR> d-------- c:\programmi\Lame MP3 Codec
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\programmi\Samsung
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\InstallShield
2008-11-12 18:33 . 2008-11-12 18:33 <DIR> d-------- c:\documents and settings\Carmelo\Dati applicazioni\DataCast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:17 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\uTorrent
2008-12-11 18:50 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-06 15:16 --------- d-----w c:\programmi\Java
2008-12-04 15:11 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-04 15:02 --------- d-----w c:\programmi\HP
2008-12-03 20:23 147,192 ----a-w c:\windows\system32\guard32.dll
2008-12-03 20:23 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-29 20:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-28 19:34 --------- d-----w c:\programmi\Motive
2008-11-28 19:33 --------- d-----w c:\programmi\Windows Live
2008-11-27 11:23 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-24 19:00 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Sports Interactive
2008-11-18 19:44 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-17 11:35 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Image Zone Express
2008-11-13 16:36 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\LimeWire
2008-11-12 17:34 65,024 ----a-w c:\windows\IFinst26.exe
2008-10-28 19:29 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Malwarebytes
2008-10-28 19:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:37 --------- d-----w c:\programmi\Gadwin Systems
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 22:15 --------- d-----w c:\programmi\YouTube Downloader
2008-10-19 22:13 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Corel
2008-10-19 22:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Corel
2008-10-19 19:49 2,828 --sha-w c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2008-10-18 23:55 --------- d-----w c:\programmi\Unlocker
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 13:03 --------- d-----w c:\documents and settings\Carmelo\Dati applicazioni\Windows Live Writer
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 15:52 3,072 ----a-w c:\windows\system32\34CoInstaller.dll
2008-09-29 15:52 13,824 ----a-w c:\windows\system32\Ph3xIB32MV.dll
2008-09-25 10:04 155,995 ----a-w c:\windows\java\Packages\U1FHBVP7.ZIP
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-10_20.36.41,31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:04 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:06:04 18,808 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:06:05 233,848 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:06:04 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:42:38 763,768 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:42:45 402,296 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-04-13 17:13:38 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-13 17:13:38 101,888 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-13 17:13:38 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-13 17:13:40 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-13 17:13:40 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-13 17:13:40 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-13 17:13:40 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-13 17:14:10 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-13 17:13:42 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-13 17:13:42 221,184 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2002-10-30 02:44:46 237,568 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-13 17:13:42 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-13 17:14:10 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-13 17:13:42 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-13 17:13:42 49,152 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-13 17:13:42 63,488 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-13 17:14:10 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-13 17:13:42 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-13 17:13:42 96,768 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-13 17:13:42 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-13 17:13:42 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-13 17:14:14 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-10-16 01:00:27 3,088,896 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-13 17:13:44 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-13 16:49:06 57,344 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2002-10-30 02:45:04 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-13 17:13:48 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-13 17:13:48 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-13 17:13:50 97,280 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-13 17:13:50 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-10-04 09:03:52 33,472 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-10-04 09:01:34 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:38 215,776 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:38 390,880 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-13 17:13:56 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-10-16 01:00:26 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-13 17:13:56 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-13 17:13:58 280,576 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 01:00:26 668,672 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000
+ 2007-08-13 17:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000
+ 2007-08-13 16:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000
+ 2007-08-13 17:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000
+ 2007-08-13 17:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe.000
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000
+ 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll.000
+ 2008-08-26 07:57:14 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:57:14 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:57:14 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll.000
+ 2008-08-25 08:39:58 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:57:14 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:57:15 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll.000
+ 2008-08-26 07:57:15 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll.000
+ 2008-08-26 07:57:17 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:57:18 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll.000
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll.000
+ 2008-08-27 13:27:22 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-27 13:27:22 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll.000
+ 2008-08-26 07:57:20 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:57:21 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:57:21 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:57:21 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:57:21 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:57:21 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:57:21 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll.000
+ 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll.000
+ 2008-08-26 07:57:22 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:57:22 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll.000
+ 2008-08-26 07:57:22 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-26 07:57:22 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll.000
- 2008-12-02 22:49:43 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-11 01:17:06 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-05 13:13:37 167,936 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-12-11 01:16:42 167,936 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-11-05 13:13:37 2,560 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-12-11 01:16:42 2,560 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-11-05 13:13:37 81,920 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-12-11 01:16:42 81,920 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-11-05 13:13:37 34,304 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-12-11 01:16:42 34,304 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-11-05 13:13:37 8,192 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-12-11 01:16:42 8,192 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-11-05 13:13:37 3,584 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-12-11 01:16:42 3,584 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-11-05 13:13:37 114,688 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-12-11 01:16:42 114,688 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-11-05 13:13:37 16,384 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-12-11 01:16:42 16,384 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-11-05 13:13:37 30,720 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-12-11 01:16:42 30,720 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-11-05 13:13:37 22,528 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-12-11 01:16:42 22,528 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-11-05 13:13:37 45,056 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-12-11 01:16:42 45,056 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-11-05 13:13:37 90,112 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-12-11 01:16:42 90,112 ----a-r c:\windows\Installer\{90280410-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-04-13 17:13:38 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2008-04-13 17:13:38 101,888 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:04:22 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-13 17:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
+ 2008-10-16 20:04:22 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2006-09-23 12:12:56 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-13 17:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
- 2008-04-13 17:13:38 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2008-10-16 20:04:22 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:04:22 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:04:22 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2007-08-13 17:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
+ 2008-10-16 13:13:44 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 20:04:22 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:04:22 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2002-10-30 02:44:46 237,568 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-16 20:04:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 17:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 20:04:23 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 20:04:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-10 19:46:46 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 08:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2007-08-13 17:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
- 2008-08-20 05:08:59 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 00:34:26 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-16 20:04:24 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
- 2002-10-30 02:45:04 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2008-10-16 20:04:24 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:04:24 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:04:24 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:04:25 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-20 05:08:56 1,499,648 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:26 1,499,648 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 12:12:58 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-13 17:13:56 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:46 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-16 20:04:25 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-20 05:08:57 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll
+ 2008-10-16 20:04:25 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-20 05:08:56 668,672 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:04:25 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 22:41:04 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 10:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 10:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-13 17:13:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:04:22 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-04-13 17:13:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:04:22 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-04-13 17:13:40 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:04:22 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:04:22 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2008-04-13 17:14:10 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:13:44 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-13 17:13:42 143,360 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:04:22 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-13 17:13:42 221,184 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:04:22 230,400 ------w c:\windows\system32\ieaksie.dll
- 2002-10-30 02:44:46 237,568 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-10-16 20:04:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-13 17:13:42 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:04:22 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:04:23 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-13 17:13:42 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-13 17:13:42 49,152 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:04:23 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:04:23 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-13 17:13:42 63,488 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2008-04-13 17:13:42 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2008-04-13 17:13:42 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-04-13 17:13:42 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:04:23 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-04-13 17:13:42 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2004-08-10 19:46:46 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 08:17:42 96,768 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-10-16 20:04:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:04:23 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2008-04-13 17:14:14 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-08-20 05:08:59 3,088,896 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 00:34:26 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-13 17:13:44 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:04:24 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-04-13 16:49:06 57,344 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2002-10-30 02:45:04 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-04-13 17:13:48 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:04:24 193,024 ------w c:\windows\system32\msrating.dll
- 2008-04-13 17:13:48 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:04:24 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2008-04-13 17:13:50 97,280 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:04:24 102,912 ------w c:\windows\system32\occache.dll
- 2008-04-13 17:13:50 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:04:25 44,544 ------w c:\windows\system32\pngfilt.dll
- 2008-08-20 05:08:56 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:00:26 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
- 2008-04-13 17:14:24 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-04-13 17:13:56 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:04:25 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-20 05:08:57 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-13 17:13:58 280,576 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:04:25 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2004-08-10 22:41:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 10:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 10:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-12 15:09:53 16,384 ----atw c:\windows\temp\Perflib_Perfdata_790.dat
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"uTorrent"="D:\uTorrent.exe" [2008-10-08 270128]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"CnxTrApp"="c:\programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 247296]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]
"RemoteControl"="c:\programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]
"SMSTray"="c:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\programmi\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ASUS\ASUS Splendid
ASUS Splendid.lnk - c:\programmi\ASUS\ASUS Splendid\ASUSplendid.exe [2008-09-29 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Carmelo\\Desktop\\eMule0.49b\\eMule0.49b\\emule.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-25 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-25 31504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-05-03 2831232]
.
.
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {0EC4A510-99DA-406D-9E01-783B719E81EB} = 193.12.150.2 212.247.152.2

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Carmelo\Dati applicazioni\Mozilla\Firefox\Profiles\cn7trz7e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 16:28:36
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2008-12-12 16.29.32
ComboFix-quarantined-files.txt 2008-12-12 15:29:28
ComboFix2.txt 2008-12-10 19:37:09
ComboFix3.txt 2008-11-21 14:59:49

Pre-Run: 63.992.401.920 byte disponibili
Post-Run: 63,981,101,056 byte disponibili

561 --- E O F --- 2008-12-11 14:49:23
Avatar utente
CarDependant
Senior Member
Senior Member
 
Messaggi: 241
Iscritto il: lun nov 20, 2006 2:35 am
Località: Sicilia, CT

Re: Sospetto dialer

Messaggioda Amantide » ven dic 12, 2008 7:30 pm

Come mai hai voluto rifare la scansione? Hai dei problemi?
Elimina questo file e fai la scansione con Malwarebytes Antimalware.

c:\documents and settings\Carmelo\agczxpzh.exe
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising