Suspected Conficker Infection

Post by oldman50 » Fri Apr 10, 2009 11:02 pm

Hello, I have a PC with Windows XP Pro SP3 and everything seems to work normally, except that in Device Manager, under SCSI and RAID Controllers, a strange IDE Controller appears that changes its name at every Windows reboot.
Reading your newsletter this week, I learn that the Conficker virus adds a registry value named: xzknvv.
I searched my Windows registry and that value is present in these two keys:
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_USERS\S-1-5-21-2000478354-1637723038-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603
What do you think, is this a Conficker infection?
oldman50 | Aficionado | Posts: 102 | Joined: Sun May 25, 2008 5:43 pm

Re: Suspected Conficker Infection

Post by ste_95 » Sat Apr 11, 2009 5:53 am

Let's try to get more information.

Download GMER, then follow these steps:

--- Step 1 ---
Start GMER
click on > > >
click on Autostart
tick Show All
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

--- Step 2 ---
Still in the program you just downloaded (GMER),
click on Rootkit
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.
«Sometimes it is better to stay silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95 | Official Member (Gold) | Posts: 17271 | Joined: Mon Aug 06, 2007 11:19 am
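
Two points about the question in the first post, added here by the editor and not stated by any participant: HKEY_CURRENT_USER is a link to HKEY_USERS\<SID of the logged-on user>, so the two keys listed there are one key reached by two paths; and Search Assistant\ACMru\5603 is where Windows XP's Search Companion keeps the strings typed into its "All or part of the file name" box, so a term showing up there records that it was searched for, not that a file, service or driver of that name exists. What does answer the question is the autostart inventory the reply above asks for. The Python below is an added example, not GMER's code and not from the thread: a first triage pass over a GMER Autostart dump that parses the `Key@Name = data` lines and flags non-default Winlogon notification packages, a populated AppInit_DLLs, services hosted by rundll32, unquoted service paths containing spaces, binaries outside the Windows and program directories, and rewritten shell open commands for .exe/.com/.cmd/.bat/.pif/.scr. The sample log is constructed in the shape of the dump posted later in this thread; the XP default tables are those of a stock SP3 install; treating `C:\Programmi` (the Italian-locale Program Files) as a trusted root is an assumption of the sample, not part of GMER.

```python
"""First triage pass over a GMER "Autostart" dump (Windows XP era). Added example for this
thread, not GMER's code: parse the 'Key@Name = data' lines and flag what to verify by hand."""
import re
from typing import List, Tuple

Entry = Tuple[str, str, str, str]   # (section key, entry name, value name, data)
Finding = Tuple[str, str, str]      # (section key, entry name, reason)

# Constructed sample in the shape of a GMER 1.0.15 Autostart scan of an Italian XP SP3 box
# ("C:\Programmi" is the localized Program Files directory).
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
LMIinit@DLLName = LMIinit.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
APC UPS Service@ = C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
yksvc@ = RUNDLL32.EXE ykx32mpcoinst,serviceStartProc

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.scr@ = "%1" /S
"""

# Winlogon notification packages on a stock XP SP3 install (entry -> DLL file name).
XP_DEFAULT_NOTIFY = {"crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
                     "cscdll": "cscdll.dll", "dimsntfy": "dimsntfy.dll", "sclgntfy": "sclgntfy.dll",
                     "WgaLogon": "WgaLogon.dll", **{k: "wlnotify.dll" for k in
                     ("ScCertProp", "Schedule", "SensLogn", "termsrv", "wlballoon")}}
# Stock shell\open\command data for executable types; persistence often rewrites these.
EXPECTED_OPEN_CMD = {e: '"%1" %*' for e in (".exe", ".com", ".cmd", ".bat", ".pif")}
EXPECTED_OPEN_CMD[".scr"] = '"%1" /S'
# Lower-cased prefixes where autostart binaries are expected; "programmi" is a locale assumption.
TRUSTED_ROOTS = ("%systemroot%\\", "c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")


def parse_autostart(text: str) -> List[Entry]:
    """'... >>>' opens a section; 'name@valuename = data' belongs to it; a full 'HKLM\\...@value = data' line stands alone."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(">>>"):
            section = line[:-3].strip().rstrip("\\")
        elif " = " in line or line.endswith(" ="):
            key, _, data = line.partition(" = ")
            left, _, valuename = key.rstrip(" =").rpartition("@")
            if left.upper().startswith("HK"):      # self-contained key, e.g. ...\Windows@AppInit_DLLs
                entries.append((left, valuename, "", data.strip()))
            else:
                entries.append((section, left, valuename, data.strip()))
    return entries


def check_image(section: str, name: str, cmd: str) -> List[Finding]:
    """Judge a service command by how the service controller will resolve its image path."""
    out: List[Finding] = []
    if not cmd:
        return out
    if cmd.startswith('"'):
        image, quoted = cmd[1:].split('"', 1)[0], True
    else:  # unquoted: everything before the first ' -x' or ' /x' switch is the candidate path
        image, quoted = re.split(r"\s[-/]", cmd, maxsplit=1)[0], False
    low = image.lower()
    if low.rsplit("\\", 1)[-1].startswith("rundll32"):
        return [(section, name, f"hosted by rundll32 with no full path; identify the DLL: {cmd}")]
    if not quoted and " " in image:
        out.append((section, name, f"unquoted image path with spaces (prefix hijackable): {image}"))
    if not low.startswith(TRUSTED_ROOTS):
        out.append((section, name, f"image outside Windows/program directories: {image}"))
    return out


def triage(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    for section, name, _valuename, data in entries:
        sec = section.lower()
        if name.lower() == "appinit_dlls":
            if data:
                findings.append((section, name, f"AppInit_DLLs set, loaded into every user32 process: {data}"))
        elif sec.endswith(r"\winlogon\notify"):
            if XP_DEFAULT_NOTIFY.get(name, "").lower() != data.rsplit("\\", 1)[-1].lower():
                findings.append((section, name, f"non-default Winlogon notification package: {data}"))
        elif sec.endswith(r"\services"):
            findings.extend(check_image(section, name, data))
        elif sec.endswith(r"\classes") and name.startswith("."):
            want = EXPECTED_OPEN_CMD.get(name.lower())
            if want is not None and data != want:
                findings.append((section, name, f"open command {data!r} differs from XP default {want!r}"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(parse_autostart(SAMPLE_LOG)):
        print(f"[{section}] {name}: {reason}")
```

Everything it flags is a lead, not a verdict: in the sample, LMIinit and yksvc by their names belong to the LogMeIn notification package and the Marvell Yukon network adapter driver, and the APC entry is an unquoted-path weakness to fix rather than malware. For svchost-hosted services the dump shows only svchost.exe; the DLL actually loaded is in each service's Parameters\ServiceDll value, which this pass does not see, so a random-looking netsvcs service name still needs that value checked by hand.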

Re: Suspected Conficker Infection

Post by oldman50 » Sat Apr 11, 2009 10:58 pm

Thank you first of all for the reply.
I forgot to say that I have already run a scan with McAfee Stinger Conficker, without finding anything suspicious.
If it helps, my current antivirus is Avira AntiVir Premium, while the firewall is the Windows one.
Until a few days ago I had the Avira Suite installed (Antivirus+Firewall), but since it gave me some system instability problems and also used a lot of resources, when it expired (4 April) I asked the German company for a licence for the antivirus only. As for the firewall, some time ago I used Comodo Firewall and was happy with it.
At the moment I still have to weigh the choice, so for now I have enabled the system one: better than nothing!
I am attaching only the 1st GMER report, since both exceed the maximum number of characters allowed.
I will post the Rootkit scan report next.

GMER 1.0.15.14966 - http://www.gmer.net
Autostart scan 2009-04-11 15:53:48
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
LMIinit@DLLName = LMIinit.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Alerter@ = %SystemRoot%\system32\svchost.exe -k LocalService
AntiVirMailService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe"
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe"
antivirwebservice@ = "C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE"
APC UPS Service@ = C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVEService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe"
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
hpqcxs08@ = %SystemRoot%\system32\svchost.exe -k hpdevmgmt
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
LogMeIn@ = C:\Programmi\LogMeIn\x86\LogMeIn.exe
McAfee SiteAdvisor Service@ = "C:\Programmi\McAfee\SiteAdvisor\McSACore.exe"
MDM@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Netman@ = %SystemRoot%\System32\svchost.exe -k netsvcs
NetTcpPortSharing@ = "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
PlugPlay@ = %SystemRoot%\system32\services.exe
Pml Driver HPH11@ = C:\WINDOWS\system32\HPHipm11.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RasAuto@ = %SystemRoot%\system32\svchost.exe -k netsvcs
RasMan@ = %SystemRoot%\system32\svchost.exe -k netsvcs
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
TapiSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WudfSvc@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs
yksvc@ = RUNDLL32.EXE ykx32mpcoinst,serviceStartProc

HKLM\Software\Microsoft\Windows\CurrentVersion\ >>>
Run@StartupDelayer = "C:\Programmi\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
@UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Programmi\SUPERAntiSpyware\SASSEH.DLL = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\system\ole db\oledb32.dll = C:\Programmi\File comuni\system\ole db\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Shell Microsoft AutoComplete*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\Browseui.dll = %SystemRoot%\system32\Browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{EFA24E62-B078-11d0-89E4-00C04FC9E26E} /*History Band*/%SystemRoot%\system32\Shdocvw.dll = %SystemRoot%\system32\Shdocvw.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll = C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} /*FileMenuTools*/C:\Programmi\LopeSoft\FileMenu Tools\FileMenuTools.dll = C:\Programmi\LopeSoft\FileMenu Tools\FileMenuTools.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{72923739-5A47-40A3-9895-25AF0DFBB9E4} /*Glary Utilities Context Menu Shell Extension*/C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{25336920-03f9-11cf-8fd0-00aa00686f13} /*HTML Document*/C:\WINDOWS\system32\mshtml.dll = C:\WINDOWS\system32\mshtml.dll
@{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} /*MSHTML Document*/C:\WINDOWS\system32\mshtml.dll = C:\WINDOWS\system32\mshtml.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Premium\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Premium\shlext.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Programmi\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
FileMenuTools@{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} = C:\Programmi\LopeSoft\FileMenu Tools\FileMenuTools.dll
Glary Utilities@{72923739-5A47-40A3-9895-25AF0DFBB9E4} = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Premium\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{CA8ACAFA-5FBB-467B-B348-90DD488DE003}C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL = C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
FileMenuTools@{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} = C:\Programmi\LopeSoft\FileMenu Tools\FileMenuTools.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programmi\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
FileMenuTools@{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} = C:\Programmi\LopeSoft\FileMenu Tools\FileMenuTools.dll
Glary Utilities@{72923739-5A47-40A3-9895-25AF0DFBB9E4} = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Programmi\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Premium\shlext.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{B164E929-A1B6-4A06-B104-2CD0E90A88FF}c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sacore@CLSID = c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED565B17-7AE4-4DE4-A7CA-AFDA3174C547} /*Connessione alla rete locale (LAN) Marvell Yukon 88E8001-8003-8010 PCI Gigabit Ethernet Controller */ >>>
@IPAddress192.168.1.50 = 192.168.1.50
@NameServer193.12.150.2,212.247.152.2 = 193.12.150.2,212.247.152.2
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\System32\nwprovau.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = avsda.dll
000000000002@PackedCatalogItem = avsda.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000030@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000031@PackedCatalogItem = avsda.dll

---- EOF - GMER 1.0.15 ----



Re: Suspected Conficker Infection

Post by oldman50 » Sat Apr 11, 2009 11:00 pm

GMER rootkit scan report.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 19:25:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spqy.sys ZwCreateKey [0xB9EA80E0]
SSDT A11DAD44 ZwCreateThread
SSDT spqy.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spqy.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spqy.sys ZwOpenKey [0xB9EA80C0]
SSDT A11DAD30 ZwOpenProcess
SSDT A11DAD35 ZwOpenThread
SSDT spqy.sys ZwQueryKey [0xB9EC7108]
SSDT spqy.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spqy.sys ZwSetValueKey [0xB9EC719A]
SSDT A11DAD3F ZwTerminateProcess
SSDT A11DAD3A ZwWriteVirtualMemory

INT 0x62 ? 8B018BF8
INT 0x63 ? 8B018BF8
INT 0x73 ? 8B01BBF8
INT 0x82 ? 8B018BF8
INT 0x94 ? 8AB43BF8
INT 0xA4 ? 8AB43BF8
INT 0xB4 ? 8B01BBF8
INT 0xB4 ? 8AB43BF8
INT 0xB4 ? 8B01BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spqy.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload B84D58AC 5 Bytes JMP 8AB431D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spqy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spqy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spqy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spqy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spqy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spqy.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0151F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)

Device \Driver\NetBT \Device\NetBT_Tcpip_{ED565B17-7AE4-4DE4-A7CA-AFDA3174C547} 8A100500
Device \Driver\NetBT \Device\NetBT_Tcpip_{98D70C06-F402-4F5E-B05D-F7CBFA5F6875} 8A100500
Device \Driver\usbuhci \Device\USBPDO-0 8AB421F8
Device \Driver\usbuhci \Device\USBPDO-1 8AB421F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B08B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B08B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B08B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B08B1F8
Device \Driver\usbuhci \Device\USBPDO-2 8AB421F8
Device \Driver\usbuhci \Device\USBPDO-3 8AB421F8
Device \Driver\usbehci \Device\USBPDO-4 8AB151F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B0191F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B0191F8
Device \Driver\Cdrom \Device\CdRom0 8AAEE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B0191F8
Device \Driver\Cdrom \Device\CdRom1 8AAEE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A100500
Device \Driver\NetBT \Device\NetbiosSmb 8A100500
Device \Driver\usbuhci \Device\USBFDO-0 8AB421F8
Device \Driver\usbuhci \Device\USBFDO-1 8AB421F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0E1500
Device \Driver\usbuhci \Device\USBFDO-2 8AB421F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0E1500
Device \Driver\usbuhci \Device\USBFDO-3 8AB421F8
Device \Driver\usbehci \Device\USBFDO-4 8AB151F8
Device \Driver\Ftdisk \Device\FtControl 8B0191F8
Device \Driver\iteraid \Device\Scsi\iteraid1Port5Path0Target0Lun0 8B0161F8
Device \Driver\iteraid \Device\Scsi\iteraid1Port5Path0Target2Lun0 8B0161F8
Device \Driver\iteraid \Device\Scsi\iteraid1 8B0161F8
Device \Driver\SI3132 \Device\Scsi\SI31321 8B0171F8
Device \FileSystem\Cdfs \Cdfs 89FC7500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272c10427
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272c10427@0015a0850b5e 0x9E 0x2E 0x2A 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272c10427
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272c10427@0015a0850b5e 0x9E 0x2E 0x2A 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x9E 0x94 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0xED 0x1A 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x59 0x21 0x6E 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFC 0xCA 0x09 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c10427
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c10427@0015a0850b5e 0x9E 0x2E 0x2A 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x9E 0x94 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0xED 0x1A 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x59 0x21 0x6E 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFC 0xCA 0x09 0x84 ...
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@Protocol 5
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@Protocol 5
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@Protocol 10
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0@NumConn 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@AddrType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@AddrStart 0.0.0.0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@AddrEnd 255.255.255.255
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@PortType 8
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@PortStart 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@PortEnd 65535
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@Protocol 5
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@Response 0
Reg HKLM\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0@NumConn 0
Reg HKLM\SOFTWARE\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\TypeLib@ {BD1D0EFE-F49E-4EC8-95AC-224BC4FD2211}
Reg HKLM\SOFTWARE\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\TypeLib@ {BD1D0EFE-F49E-4EC8-95AC-224BC4FD2211}
Reg HKLM\SOFTWARE\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\TypeLib@Version 1.0

---- EOF - GMER 1.0.15 ----

Re: Suspected Conficker Infection

Post by ste_95 » Sun Apr 12, 2009 6:07 am

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes the report file C:\combofix.txt is created; paste its contents here between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]
«Sometimes it is better to remain silent and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: Suspected Conficker Infection

Post by oldman50 » Sun Apr 12, 2009 8:50 am

Good morning, attached is the log of the ComboFix scan,

ComboFix 09-04-04.01 - oldman50 2009-04-12 9.37.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.3071.2512 [GMT 2:00]
Eseguito da: c:\documents and settings\oldman50\desktop\abc.exe
Opzioni usate :: /killall
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Prevx 2.0 *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-12 al 2009-04-12 )))))))))))))))))))))))))))))))))))
.

2009-04-10 08:05 . 2009-04-10 08:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SiteAdvisor
2009-04-10 08:04 . 2009-04-11 14:15 <DIR> d-------- c:\programmi\McAfee
2009-04-10 08:04 . 2009-04-10 08:04 <DIR> d-------- c:\programmi\File comuni\McAfee
2009-04-10 08:04 . 2009-04-10 08:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-04-09 15:27 . 2009-04-09 15:27 <DIR> d-------- c:\programmi\MapInfo MapX
2009-04-09 15:25 . 2009-04-09 15:29 <DIR> d-------- c:\windows\Crystal
2009-04-09 15:25 . 2009-04-09 15:25 <DIR> d-------- c:\programmi\Seagate Software
2009-04-09 15:05 . 2009-04-09 15:05 <DIR> d-------- c:\programmi\Pubblicazione guidata
2009-04-09 15:05 . 1998-04-21 12:20 145,360 -ra------ c:\windows\system32\WEBPOST.DLL
2009-04-09 15:05 . 1998-05-28 14:26 121,472 -ra------ c:\windows\system32\CRSWPP.DLL
2009-04-09 15:05 . 1998-06-02 10:48 110,016 -ra------ c:\windows\system32\WPWIZDLL.DLL
2009-04-09 15:05 . 1998-04-21 12:20 98,960 -ra------ c:\windows\system32\FTPWPP.DLL
2009-04-09 15:05 . 1998-05-22 10:13 98,496 -ra------ c:\windows\system32\POSTWPP.DLL
2009-04-09 15:05 . 1998-05-22 10:13 92,432 -ra------ c:\windows\system32\FPWPP.DLL
2009-04-09 15:05 . 1998-04-21 12:20 50,816 -ra------ c:\windows\system32\PIPARSE.DLL
2009-04-09 15:04 . 2009-04-09 15:04 <DIR> d-------- c:\windows\msapps
2009-04-09 14:44 . 2009-04-09 14:58 74,752 --a------ c:\windows\ST6UNST.EXE
2009-04-09 13:38 . 2009-04-10 22:11 <DIR> d-------- c:\programmi\ORDINI
2009-04-09 01:22 . 2009-04-09 01:22 327 --a------ c:\windows\ST6UNST.002
2009-04-09 00:27 . 2009-01-09 21:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-04-09 00:12 . 2009-04-09 00:18 <DIR> d-------- c:\windows\SxsCaPendDel
2009-04-09 00:12 . 2009-04-09 00:12 <DIR> d-------- c:\programmi\Reference Assemblies
2009-04-08 22:58 . 2009-04-08 23:18 <DIR> d-------- c:\windows\system32\URTTemp
2009-04-08 22:42 . 2009-04-08 22:42 <DIR> d-------- c:\programmi\Windows Installer Clean Up
2009-04-07 23:21 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-07 23:21 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-07 23:21 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-07 23:21 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-03 23:04 . 2009-04-03 23:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Drivers Headquarters
2009-04-03 22:29 . 2009-04-03 22:29 <DIR> d-------- c:\programmi\Avira GmbH
2009-04-03 01:25 . 2009-04-03 01:25 <DIR> d-------- c:\documents and settings\oldman50\Dati applicazioni\Avira
2009-04-03 01:00 . 2009-04-03 01:00 <DIR> d-------- c:\programmi\Avira
2009-03-31 14:23 . 2009-03-31 14:23 <DIR> d-------- C:\unzipped
2009-03-29 13:52 . 2009-04-09 22:59 565 --a------ C:\hpfr5550.xml
2009-03-26 01:18 . 2009-03-26 01:18 327 --a------ c:\windows\ST6UNST.001
2009-03-25 23:04 . 2009-03-25 23:04 <DIR> d-------- c:\programmi\Lavalys
2009-03-25 22:20 . 2009-03-29 16:09 <DIR> d-------- C:\HijackThis
2009-03-25 01:38 . 2009-03-25 01:39 327 --a------ c:\windows\ST6UNST.000
2009-03-24 14:49 . 2009-03-24 14:49 26 --a------ c:\windows\Zone.Identifier
2009-03-24 01:38 . 2009-03-24 01:38 <DIR> d-------- c:\programmi\Total Uninstall 5
2009-03-24 01:38 . 2009-03-24 01:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Martau
2009-03-23 23:57 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-21 00:16 . 2009-03-21 00:16 <DIR> d-------- c:\programmi\Unknown Device Identifier
2009-03-20 23:48 . 2009-03-20 23:48 <DIR> d-------- c:\programmi\Hewlett-Packard
2009-03-20 15:08 . 2009-03-20 15:08 <DIR> d--hs---- c:\documents and settings\oldman50\IECompatCache
2009-03-20 15:05 . 2009-03-20 15:05 <DIR> d--hs---- c:\documents and settings\oldman50\PrivacIE
2009-03-20 15:04 . 2009-03-20 15:04 <DIR> d--hs---- c:\documents and settings\oldman50\IETldCache
2009-03-20 15:04 . 2009-03-20 15:04 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-20 15:02 . 2009-03-20 15:02 <DIR> d-------- c:\windows\ie8updates
2009-03-20 15:01 . 2009-03-20 15:01 <DIR> d--h-c--- c:\windows\ie8
2009-03-20 14:59 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-19 14:25 . 2009-03-19 14:25 <DIR> d-------- c:\windows\system32\config\systemprofile\Dati applicazioni\SACore
2009-03-16 16:49 . 2009-03-16 16:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MicroWorld
2009-03-16 16:49 . 2009-03-16 16:49 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-16 16:49 . 2005-09-23 00:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-15 10:49 . 2008-02-19 10:09 72,704 --a------ c:\windows\system32\drivers\HS3dSensor1394.sys
2009-03-15 02:36 . 2006-02-26 18:21 26,112 --a------ c:\windows\system32\drivers\iteraid.sys
2009-03-15 00:21 . 2009-03-15 00:21 <DIR> d-------- c:\programmi\Innovative Solutions
2009-03-14 22:36 . 2009-03-14 23:26 <DIR> d-------- c:\programmi\DriverGuide Toolkit
2009-03-12 21:51 . 2009-03-13 01:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-03-12 21:51 . 2009-03-12 21:51 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-12 15:45 . 2009-03-12 16:06 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-03-12 15:34 . 2005-04-25 14:30 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-03-12 00:22 . 2009-03-12 00:22 0 --a------ c:\windows\bench32.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:14 --------- d-----w c:\programmi\LogMeIn
2009-04-09 12:58 290,816 ------w c:\windows\Setup1.exe
2009-04-08 22:43 --------- d-----w c:\programmi\NotesSQL
2009-04-08 20:42 --------- d-----w c:\programmi\MSECACHE
2009-04-03 21:03 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-02 23:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-03-27 06:57 86,480 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-27 06:57 7,020,576 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-16 08:07 --------- d-----w c:\programmi\nLite
2009-03-12 22:38 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-10 22:40 --------- d-----w c:\programmi\Vimicro
2009-03-09 23:33 --------- d-----w c:\programmi\Intel
2009-03-09 00:30 --------- d-----w c:\programmi\Microsoft Silverlight
2009-03-08 23:37 --------- d-----w c:\documents and settings\oldman50\Dati applicazioni\ATI
2009-03-08 23:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2009-03-08 23:35 --------- d-----w c:\programmi\ATI
2009-03-08 23:34 --------- d-----w c:\programmi\ATI Technologies
2009-03-08 23:21 --------- d-----w c:\programmi\Driver Cleaner Pro
2009-03-08 23:03 --------- d-----w c:\programmi\SUPERAntiSpyware
2009-03-08 23:03 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-03-08 23:03 --------- d-----w c:\documents and settings\oldman50\Dati applicazioni\SUPERAntiSpyware.com
2009-03-06 22:30 --------- d-----w c:\programmi\eMule
2009-03-01 01:02 --------- d-----w c:\programmi\CCleaner
2009-02-21 13:57 --------- d-----w c:\programmi\IObit
2009-02-21 13:57 --------- d-----w c:\documents and settings\oldman50\Dati applicazioni\IObit
2009-02-20 22:53 --------- d-----w c:\programmi\Auslogics
2009-02-20 22:53 --------- d-----w c:\documents and settings\oldman50\Dati applicazioni\Auslogics
2009-02-15 20:29 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-15 00:19 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\SACore
2009-02-14 23:43 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-18 16:11 66,048 ----a-w C:\mbr.exe
2007-11-22 00:10 14 ----a-w c:\documents and settings\oldman50\getfile.dat
2007-07-01 18:48 1,023 ---ha-w c:\documents and settings\oldman50\hpothb07.dat
2008-04-29 23:16 23 --sha-w c:\windows\system32\aabbfd_z.dll
2008-07-25 22:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008072620080727\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\programmi\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2008-11-29 147456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 21:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^APC UPS Status.lnk]
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^CoolDrive6.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^oldman50^Menu Avvio^Programmi^Esecuzione automatica^FTCtrl32.EXE.lnk]
backup=c:\windows\pss\FTCtrl32.EXE.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^oldman50^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^oldman50^Menu Avvio^Programmi^Esecuzione automatica^PrevxCSI.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^oldman50^Menu Avvio^Programmi^Esecuzione automatica^VirtualExpander.lnk]
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 19:38 307200 c:\programmi\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]
--a------ 2007-09-03 01:37 401408 c:\progra~1\HDTUNE~1\HDTune.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 17:24 54840 c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-11-22 11:31 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
--a------ 2002-11-22 11:30 348160 c:\windows\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-07-24 19:46 63048 c:\programmi\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2009-02-03 23:21 61440 c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-07 00:26 148888 c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2002-09-10 17:00 3072 c:\windows\system32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 06:15 15872 c:\programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 09:33 892928 c:\programmi\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 17:20 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 04:14 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-09-09 19:39 16851968 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"wuauserv"=2 (0x2)
"UPS"=3 (0x3)
"SharedAccess"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"LMIMaint"=3 (0x3)
"aspnet_state"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\oldman50\\PROTEZIONE, MANUTENZ. E USO DEL PC\\Controllo Remoto\\TeamViewerPortable_it V.4.0.5459\\TeamViewer.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2009-03-15 26112]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2009-01-06 26808]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-12 22536]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-03 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-03 258305]
R2 AVEService;Servizio assistenza di Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-03 41217]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-25 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [2009-04-10 210216]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2009-03-15 72704]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {ED565B17-7AE4-4DE4-A7CA-AFDA3174C547} = 193.12.150.2,212.247.152.2
FF - ProfilePath - c:\documents and settings\oldman50\Dati applicazioni\Mozilla\Firefox\Profiles\9jt273rq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.blugoogle.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\oldman50\Dati applicazioni\Mozilla\Firefox\Profiles\9jt273rq.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 09:41:36
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{53252C1F-1663-4E2B-90DB-945C1681053B}\TypeLib]
@DACL=(02 0000)
@="{BD1D0EFE-F49E-4EC8-95AC-224BC4FD2211}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{883594D1-0F8F-4D21-B2F1-7C7CBC1A86C4}\TypeLib]
@DACL=(02 0000)
@="{BD1D0EFE-F49E-4EC8-95AC-224BC4FD2211}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Electronic Arts\Need for Speed Carbon\1.0]
@DACL=(02 0000)
"Language"=dword:00000001
"DisplayName"="Need for Speed™ Carbon"
"LanguageName"="English US"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\0\1]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\1\1]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\2\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\20\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\3\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\4\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\5\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\9\0]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\programmi\APC\APC PowerChute Personal Edition\mainserv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\LogMeIn\x86\LogMeIn.exe
c:\programmi\LogMeIn\x86\LMIGuardian.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\hphipm11.exe
c:\windows\system32\rundll32.exe
c:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-12 9:44:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-12 07:44:35

Pre-Run: 181,415,256,064 byte disponibili
Post-Run: 181,404,102,656 byte disponibili

421 --- E O F --- 2009-04-05 12:22:58

Re: Suspected Conficker Infection

Post by ste_95 » Sun Apr 12, 2009 9:21 am

Do you recognize this one?

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

Re: Suspected Conficker Infection

Post by oldman50 » Sun Apr 12, 2009 9:57 am

Unless it is a fake service, Process Explorer identifies it as the service for my network card, a Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller.

Re: Suspected Conficker Infection

Post by ste_95 » Sun Apr 12, 2009 11:15 am

If you have no virus symptoms (unable to update the antivirus, to reach security sites, or to update the system), I really think there is nothing to worry about.
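The symptom-based triage ste_95 describes (can the antivirus update, can security sites be reached, does Windows Update run) is weaker on this particular machine than it looks, because the ComboFix log posted above already records that wuauserv is disabled through msconfig and that the Security Center's antivirus and update alerts are switched off: a silent Windows Update therefore proves nothing either way. The script below is an added example, not code from the thread, from ComboFix or from any of the tools named on the page. It parses the registry and service sections in the format ComboFix prints (a constructed excerpt of the log above is embedded as SAMPLE_LOG) and lists the entries a responder would re-check by hand, including the rundll32-hosted Marvell service ste_95 asked about. All function names are assumptions.

```python
"""Triage of the msconfig, Security Center, firewall and service sections
of a ComboFix log. Added example; not the thread's own tooling."""
import re

# Constructed sample: lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"wuauserv"=2 (0x2)
"UPS"=3 (0x3)
"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2009-03-15 26112]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...] header
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')               # "name"=value
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R2 name;display;image

# msconfig records the start type a service had before it was unchecked there.
START_TYPES = {"2": "Automatic", "3": "Manual", "4": "Disabled"}


def parse_sections(text):
    """Map each [key] header to the "name"=value pairs listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current][value.group(1)] = value.group(2).strip()
    return sections


def parse_services(text):
    """Collect the R*/S* driver and service lines ComboFix prints."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            state, name, display, image = m.groups()
            services.append({"state": state, "name": name,
                             "display": display, "image": image.strip()})
    return services


def reg_dword(value):
    """Turn 'dword:00000001' or '2 (0x2)' into an int."""
    token = value.split()[0]
    if token.startswith("dword:"):
        return int(token[len("dword:"):], 16)
    return int(token)


def triage(text):
    """Return human-readable leads a responder should verify by hand."""
    findings = []
    for key, values in parse_sections(text).items():
        if key.endswith(r"shared tools\msconfig\services"):
            for svc, val in values.items():
                start = START_TYPES.get(str(reg_dword(val)), val)
                findings.append(f"{svc}: disabled via msconfig (was {start})")
        elif key.endswith(r"microsoft\security center"):
            for name, val in values.items():
                if name.endswith("DisableNotify") and reg_dword(val) == 1:
                    findings.append(f"{name}: Security Center alert suppressed")
        elif key.endswith(r"authorizedapplications\list"):
            for app in values:
                if app.lower().endswith("svchost.exe"):
                    findings.append(f"{app}: firewall exception for a generic host process")
        elif key.endswith(r"globallyopenports\list"):
            for port in values:
                findings.append(f"{port}: port opened in the Windows Firewall")
    for svc in parse_services(text):
        image = svc["image"]
        if image.lower().startswith("rundll32"):
            # rundll32 receives only a module name here, so the loader's search
            # order decides which DLL of that name actually runs as the service.
            dll = image.split()[1].split(",")[0]
            findings.append(f"{svc['name']}: rundll32-hosted, DLL '{dll}' given without a path")
        if image.endswith("[?]"):
            findings.append(f"{svc['name']}: image not resolved by ComboFix ([?])")
        if image.endswith("[x]"):
            findings.append(f"{svc['name']}: image file missing ([x])")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Each finding is a lead, not a verdict. yksvc is flagged because its ImagePath names ykx32mpcoinst without a directory, so the service runs whichever DLL of that name the loader finds first; confirming, as oldman50 did with Process Explorer, that it is the Marvell NIC co-installer in system32 closes that lead. The svchost.exe firewall exception and the globally open 3389/TCP port are worth knowing about whether or not malware is present, since both widen what the host accepts from the network. And a caveat on the indicator that opened the thread: Search Assistant\ACMru\5603 is the XP Search Companion's own history of strings typed into the file-name search box, so a value named after the very string one has just searched for is a record of the search itself, which is consistent with it later disappearing.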

Re: Suspected Conficker Infection

Post by oldman50 » Sun Apr 12, 2009 11:37 am

I have no symptoms of a virus infection.
But then is the presence of the "xzknvv" service in the registry normal?
Thinking back, that phantom IDE Controller should have appeared after I used a USB/SATA HDD case, an adapter for notebook hard drives that I had connected to my desktop PC to format a notebook's hard drive.
The case was low quality, strictly Made in China, bought for a few euros at a computer fair.
Do you think that is possible?
In any case, if I uninstall the driver, it reappears after a reboot under a different name.

Re: Suspected Conficker Infection

Post by ste_95 » Sun Apr 12, 2009 4:48 pm

Can you check the contents of those keys?

Re: Suspected Conficker Infection

Post by oldman50 » Sun Apr 12, 2009 11:54 pm

Well, if you mean the keys containing the xzknvv service, I ran a new search of the registry and that service no longer exists, and the acmru\5603 folders that contained it no longer exist either.
On the other hand, the IDE controller with the yellow exclamation mark is still there:
http://www.mediafire.com/?sharekey=7f5b ... f6e8ebb871

Re: Suspected Conficker Infection

Post by ste_95 » Mon Apr 13, 2009 6:46 am

For that, open a topic in the Hardware section. We have established that it is not a virus and, frankly, I don't know how to help you. :)

Re: Suspected Conficker Infection

Post by oldman50 » Mon Apr 13, 2009 6:01 pm

Fine, ste_95, I'll try the Hardware section now.
The fact that it is not a virus is already fairly comforting, don't you think?
Thanks anyway for helping me.

Re: Suspected Conficker Infection

Post by ste_95 » Mon Apr 13, 2009 6:31 pm

oldman50 wrote: The fact that it is not a virus is already fairly comforting, don't you think?

Not always. In this case it would have been better if a virus were to blame, removable in no time. ;)

Re: Suspected Conficker Infection

Post by oldman50 » Mon Apr 13, 2009 7:44 pm

ste_95 wrote: Not always. In this case it would have been better if a virus were to blame, removable in no time.

That remains to be seen too: maybe for you it would have been better (if you really are only 14, congratulations!), but in my case it would certainly have taken me at least a day to remove one of the really nasty viruses.
If I need advice on disinfecting and securing the PC I'll be back; bye, and happy Easter Monday.

Re: Suspected Conficker Infection

Post by ste_95 » Mon Apr 13, 2009 7:52 pm

[^]
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising