
Probable Malware

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you keep attackers out of your PC? How do you protect your data? Here you will find the answers to these and other questions.

Probable Malware

Post by bombolo..tp » Sun Jun 28, 2009 8:48 am

Hi, a few days ago I did some cleaning up...... But now Explorer does not start at boot: the icons and the taskbar are not shown, yet the process is running. Anyway, I have to start a new task from the Task Manager to get Explorer running properly. I read that it could be malware disguised as a debugger. Can you give me a hand? Thanks [I checked the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options, but I did not find explorer there!]
I'm sending you the HijackThis file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.49.40, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Thomson\SpeedTouch USB\dragdiag.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Davide\Documenti\HiJackThis\HijkThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tele2internet.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programmi\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\qsb.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?dfe1bed07eb94e8181d6b0bd0150ce1c
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?dfe1bed07eb94e8181d6b0bd0150ce1c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmi\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmi\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Programmi\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8253001312
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{536FB3AD-E235-4157-B0A7-DBBEDF632A33}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio di Google Update (gupdate1c9b0678e03bee0) (gupdate1c9b0678e03bee0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe

--
End of file - 10766 bytes
bombolo..tp
New Member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am

Re: Probable Malware

Post by crazy.cat » Sun Jun 28, 2009 9:17 am

Show us which registry keys there are in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options
When the many govern, they think only of pleasing themselves; the result is the most foolish and hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Probable Malware

Post by ste_95 » Sun Jun 28, 2009 9:20 am

crazy.cat wrote:Show us which registry keys there are in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options

With GMER you can see them:

Download GMER, then follow these steps:

--- Step 1 ---
Start gmer
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

--- Step 2 ---
Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.
«Sometimes it is better to keep quiet and seem stupid than to open one's mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am
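The GMER Autostart output ste_95 asks for can be pre-screened for the shell-hijack indicators this thread is about: the Winlogon Shell/Userinit values, any Debugger entry under Image File Execution Options, and the .exe open command. The Python below is an added example, not code from the thread or from GMER; it assumes the standard GMER `@Name = data` layout (the copy pasted in this thread shows each value name run together with its data), and the sample log, including the `C:\PLACEHOLDER\suspect.exe` path, is constructed.

```python
"""Triage GMER 'Autostart' output for shell-hijack indicators.

Added example, not part of the thread. Assumes the standard GMER layout:
either a key header ending in '>>>' followed by '@Name = data' lines, or a
one-line 'HKLM\\...\\Key@Name = data'. EXPECTED holds the Windows XP
defaults for the values a shell hijack usually touches.
"""
import re

WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
IFEO = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# (key, value name) -> data on a clean XP SP3 box; compared case-insensitively.
# GMER lists the .exe open command as '.exe@ =' under HKLM\Software\Classes,
# i.e. the default value of the '.exe' entry, hence the empty value name.
EXPECTED = {
    (WINLOGON.lower(), "shell"): "Explorer.exe",
    (WINLOGON.lower(), "userinit"): r"C:\WINDOWS\system32\userinit.exe,",
    (WINLOGON.lower(), "uihost"): "logonui.exe",
    (WINLOGON.lower(), "system"): "",
    (r"hklm\software\classes\.exe", ""): '"%1" %*',
}

HEADER_RE = re.compile(r"^(HK[A-Z]+\\.+?)\s*>>>\s*$")
INLINE_RE = re.compile(r"^(HK[A-Z]+\\.+?)@(.*?)\s*=\s*(.*)$")
VALUE_RE = re.compile(r"^@?(.*?)\s*=\s*(.*)$")


def parse_autostart(text):
    """Return (key, value_name, data) triples from GMER Autostart text."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends a '>>>' block
            continue
        if line.startswith("HK"):
            m = HEADER_RE.match(line)
            if m:
                current = m.group(1).rstrip("\\")
                continue
            m = INLINE_RE.match(line)
            if m:
                entries.append((m.group(1).rstrip("\\"), m.group(2), m.group(3)))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data, key = m.group(1), m.group(2), current
            if "@" in name:         # 'subkey@Name = data' form inside a block
                sub, name = name.split("@", 1)
                key = current + "\\" + sub
            entries.append((key, name, data))
    return entries


def triage(entries):
    """Return human-readable findings for values that deviate from EXPECTED
    or that set a Debugger under Image File Execution Options."""
    findings = []
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        if k.startswith(IFEO.lower()) and n == "debugger":
            # A Debugger value makes Windows launch that program in place of
            # the named image, which is how a fake shell can wrap explorer.exe.
            image = key.rsplit("\\", 1)[-1]
            findings.append(f"IFEO Debugger for {image}: {data}")
            continue
        expected = EXPECTED.get((k, n))
        if expected is not None and data.strip().lower() != expected.lower():
            findings.append(f"{key} @{name or '(default)'} = {data!r}, expected {expected!r}")
    return findings


# Constructed sample in GMER's layout; the Debugger path is a placeholder.
SAMPLE_LOG = r"""
GMER 1.0.15 - Autostart scan (constructed sample, not a real machine)

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@Userinit = C:\WINDOWS\system32\userinit.exe,
@Shell = Explorer.exe
@System =
@UIHost = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe >>>
@Debugger = C:\PLACEHOLDER\suspect.exe

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
"""

if __name__ == "__main__":
    for finding in triage(parse_autostart(SAMPLE_LOG)) or ["no deviations found"]:
        print(finding)
```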


Re: Probable Malware

Post by bombolo..tp » Sun Jun 28, 2009 1:48 pm

Hi, step one......

GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-06-28 14:52:28
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
BthServ@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
CeEPwrSvc@ = C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
CFSvcs@ = C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
gupdate1c9b0678e03bee0@ = "C:\Programmi\Google\Update\GoogleUpdate.exe" /svc
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Irmon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
postgresql-8.3@ = C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Programmi/PostgreSQL/8.3/data" -w
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WudfSvc@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@ApointC:\Programmi\Apoint2K\Apoint.exe = C:\Programmi\Apoint2K\Apoint.exe
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@CeEPOWERC:\Programmi\TOSHIBA\Power Management\CePMTray.exe = C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
@CeEKEYC:\Programmi\TOSHIBA\E-KEY\CeEKey.exe = C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
@EzButtonC:\Programmi\EzButton\EzButton.EXE = C:\Programmi\EzButton\EzButton.EXE
@TPNFC:\Programmi\TOSHIBA\TouchPad\TPTray.exe = C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"
@avgnt"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
@SpeedTouch USB Diagnostics"C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon = "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
@Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@Google Quick Search Box"C:\Programmi\Google\Quick Search Box\qsb.exe" /autorun = "C:\Programmi\Google\Quick Search Box\qsb.exe" /autorun
@GrooveMonitor"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
@CloneCDTray"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s = "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@TOSCDSPDC:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe = C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@DAEMON Tools Lite"C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun = "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{8FF43EAA-2BB1-4A53-8E18-D9221E56E593} /*CePMTab Property Sheet*/C:\WINDOWS\system32\CePMTab.dll = C:\WINDOWS\system32\CePMTab.dll
@{9ED66769-A198-41FE-8615-601691C68846} /*TouchPad Property Sheet*/C:\WINDOWS\System32\TPprop.dll = C:\WINDOWS\System32\TPprop.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{25336920-03f9-11cf-8fd0-00aa00686f13} /*HTML Document*/C:\WINDOWS\system32\mshtml.dll = C:\WINDOWS\system32\mshtml.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} /*MSHTML Document*/C:\WINDOWS\system32\mshtml.dll = C:\WINDOWS\system32\mshtml.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRar\rarext.dll = C:\Programmi\WinRar\rarext.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office12\msohevi.dll = C:\Programmi\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRar\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRar\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRar\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre6\bin\ssv.dll = C:\Programmi\Java\jre6\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll = C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\Windows Live Toolbar\msntb.dll = C:\Programmi\Windows Live Toolbar\msntb.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll = C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
@{CC59E0F9-7E43-44FA-9FAA-8377850BF205}C:\Programmi\Free Download Manager\iefdm2.dll = C:\Programmi\Free Download Manager\iefdm2.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.ask.com/?o=101764&l=dis = http://www.ask.com/?o=101764&l=dis
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
x-sdch@CLSID = C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
grooveLocalGWS@CLSID = C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.15 ----
bombolo..tp
New member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am
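
The registry half of the GMER log above is long, and the entries worth a second look (third-party Browser Helper Objects, a changed IE start page, anything unusual in the Winsock provider chain) are easy to miss by eye. The script below is an added triage helper, not part of the original post and not GMER's own code: it parses GMER's "key >>>" / "name@value = data" format, lists the BHOs, flags any IE Start Page or Default_Page_URL that is not Microsoft's fwlink default, and flags any Winsock catalog provider whose DLL is not one of the stock XP providers. The allow-list of stock provider DLLs is an assumption stated in the code, and the sample input is constructed from lines of the posted log plus one hypothetical entry (000000000022 / notreal_lsp.dll) that is NOT in the log, added only so the provider check has something to report.

```python
"""Triage helper for the registry section of a GMER 1.0.15 log (added example)."""
import re
from collections import defaultdict

# Assumption: these are the Winsock provider DLLs a clean Windows XP SP3 box shows.
# Any other DLL in the catalog is a third-party LSP to identify before removing.
STOCK_LSP_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll", "wshbth.dll"}
# Microsoft's IE default Start Page / Default_Page_URL live under this fwlink prefix.
DEFAULT_PAGE_PREFIX = "http://go.microsoft.com/fwlink/"

# GMER prints an entry as "<name>@<value> = <data>". For CLSID-keyed lists the name
# is empty and the GUID is fused to the data: "@{GUID}C:\path.dll = C:\path.dll".
ENTRY_RE = re.compile(r"^(?P<name>[^@]*)@(?P<value>.*?) =\s?(?P<data>.*)$")


def parse_registry_dump(text):
    """Return {registry_key: [(name, value, data), ...]} from GMER's registry section."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" >>>"):            # section header: "HKLM\...\Key\ >>>"
            current = line[:-4].rstrip("\\")
            continue
        if line.startswith("HK"):            # single-entry form: key fused to the value name
            head, _, rest = line.partition("@")
            current, _, name = head.rpartition("\\")
            line = f"{name}@{rest}"
        m = ENTRY_RE.match(line)
        if m and current:
            entries[current].append((m["name"], m["value"], m["data"]))
    return dict(entries)


def check_winsock_providers(entries):
    """Flag NameSpace_Catalog5 / Protocol_Catalog9 providers outside the stock XP set."""
    findings = []
    for key, rows in entries.items():
        if "WinSock2\\Parameters" not in key:
            continue
        for name, value, data in rows:
            if value in ("PackedCatalogItem", "LibraryPath"):
                dll = data.rsplit("\\", 1)[-1].lower()
                if dll not in STOCK_LSP_DLLS:
                    findings.append((name, data))
    return findings


def check_start_pages(entries):
    """Return (hive key, url) for every IE start page that is not Microsoft's default."""
    findings = []
    for key, rows in entries.items():
        if not key.endswith("\\Internet Explorer\\Main"):
            continue
        for _name, value, data in rows:
            if (value.startswith(("Start Page", "Default_Page_URL"))
                    and not data.startswith(DEFAULT_PAGE_PREFIX)):
                findings.append((key, data))
    return findings


def list_bhos(entries):
    """Return [(clsid, dll_path)] for every registered Browser Helper Object."""
    out = []
    for key, rows in entries.items():
        if key.endswith("\\Browser Helper Objects"):
            for _name, value, data in rows:
                clsid, brace, _rest = value.partition("}")
                out.append((clsid + brace, data))
    return out


def triage(text):
    """Run all three checks over one GMER registry dump."""
    entries = parse_registry_dump(text)
    return {
        "bhos": list_bhos(entries),
        "start_pages": check_start_pages(entries),
        "lsp": check_winsock_providers(entries),
    }


# Constructed sample: lines copied from the posted log, plus ONE hypothetical
# non-stock provider (000000000022 / notreal_lsp.dll) that is NOT in the real log.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll = C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
@{CC59E0F9-7E43-44FA-9FAA-8377850BF205}C:\Programmi\Free Download Manager\iefdm2.dll = C:\Programmi\Free Download Manager\iefdm2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.ask.com/?o=101764&l=dis = http://www.ask.com/?o=101764&l=dis

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = C:\WINDOWS\system32\notreal_lsp.dll
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for clsid, dll in report["bhos"]:
        print(f"BHO  {clsid}  {dll}")
    for key, url in report["start_pages"]:
        print(f"PAGE {key} -> {url}")
    for idx, dll in report["lsp"]:
        print(f"LSP  {idx} -> {dll}  (not a stock XP provider)")
```

On the posted log itself the provider check comes back empty (every catalog entry points at mswsock.dll, rsvpsp.dll, winrnr.dll or wshbth.dll), so the only hit is the HKCU start page pointing at ask.com; a BHO in the list is not a finding by itself, just the inventory you check the DLL paths of.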

Re: Probable Malware

Post by bombolo..tp » Sun Jun 28, 2009 1:50 pm

....second point


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-28 14:53:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spoi.sys ZwCreateKey [0xF84160E0]
SSDT F8C34DA4 ZwCreateThread
SSDT spoi.sys ZwEnumerateKey [0xF8434CA2]
SSDT spoi.sys ZwEnumerateValueKey [0xF8435030]
SSDT spoi.sys ZwOpenKey [0xF84160C0]
SSDT F8C34D90 ZwOpenProcess
SSDT F8C34D95 ZwOpenThread
SSDT spoi.sys ZwQueryKey [0xF8435108]
SSDT spoi.sys ZwQueryValueKey [0xF8434F88]
SSDT spoi.sys ZwSetValueKey [0xF843519A]
SSDT F8C34D9F ZwTerminateProcess
SSDT F8C34D9A ZwWriteVirtualMemory

INT 0x62 ? 8236FBF8
INT 0x63 ? 82248F00
INT 0x63 ? 82248F00
INT 0x63 ? 82248F00
INT 0x63 ? 82248F00
INT 0x73 ? 823DDBF8
INT 0x82 ? 8236FBF8

---- Kernel code sections - GMER 1.0.15 ----

? spoi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F772F8AC 5 Bytes JMP 822484E0
.text a93phj9o.SYS F73FB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a93phj9o.SYS F73FB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a93phj9o.SYS F73FB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a93phj9o.SYS F73FB3C9 1 Byte [2E]
.text a93phj9o.SYS F73FB3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823DD2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8447C4C] spoi.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8447CA0] spoi.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8417040] spoi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841713C] spoi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84170BE] spoi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84177FC] spoi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84176D2] spoi.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 822485E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8427048] spoi.sys
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8236E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \Driver\usbohci \Device\USBPDO-0 821FD500
Device \Driver\usbohci \Device\USBPDO-1 821FD500
Device \Driver\usbehci \Device\USBPDO-2 821B81F8
Device \Driver\sptd \Device\2602982862 spoi.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{E67B6F66-5350-4060-BE30-80FF9143999C} 8203C500
Device \Driver\Ftdisk \Device\HarddiskVolume1 823DB1F8
Device \Driver\Cdrom \Device\CdRom0 821AC1F8
Device \Driver\Cdrom \Device\CdRom1 821AC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8203C500
Device \Driver\PCI_PNP4112 \Device\0000004a spoi.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{536FB3AD-E235-4157-B0A7-DBBEDF632A33} 8203C500
Device \Driver\NetBT \Device\NetbiosSmb 8203C500
Device \Driver\usbohci \Device\USBFDO-0 821FD500
Device \Driver\usbohci \Device\USBFDO-1 821FD500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81FB1500
Device \Driver\usbehci \Device\USBFDO-2 821B81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81FB1500
Device \Driver\Ftdisk \Device\FtControl 823DB1F8
Device \Driver\a93phj9o \Device\Scsi\a93phj9o1Port2Path0Target0Lun0 81FF61F8
Device \Driver\a93phj9o \Device\Scsi\a93phj9o1 81FF61F8
Device \FileSystem\Cdfs \Cdfs 81F58500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001435001afb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001435001afb@0021d26ee99e 0xCD 0x50 0xC4 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0xBD 0x13 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x82 0x41 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0xC3 0xD7 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001435001afb
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001435001afb@0021d26ee99e 0xCD 0x50 0xC4 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0xBD 0x13 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x14 0x82 0x41 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0xC3 0xD7 0xED ...

---- EOF - GMER 1.0.15 ----


It took ages.............. anyway, take a look.... bye
bombolo..tp
New Member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am
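Reading the GMER section above: each "Kernel IAT/EAT" line either names the module an import slot was redirected to (here spoi.sys, which the Devices and Registry sections of the same log tie to the sptd service and DAEMON Tools Lite) or prints a bare value that GMER could not attribute to any module. The Python script below is an added example, not part of this thread and not GMER's own code: it parses lines in that format and sorts them into "redirected", "unattributed kernel address" and "cannot be a kernel pointer". The sample input is constructed from a handful of the lines posted above, and the 0x80000000 kernel boundary is an assumption about a default 32-bit Windows XP address layout (no /3GB switch).

```python
"""Triage helper for GMER 1.0.15 'Kernel IAT/EAT' output (added example).

Each IAT line is classified as:
  * redirected    - GMER resolved the slot to another module (name after the address)
  * unattributed  - the slot holds a kernel-space address GMER did not attribute
  * not_a_pointer - the value cannot be a kernel pointer on a default 32-bit layout
"""
import re
from collections import Counter

# Assumption: default 2 GB / 2 GB split on 32-bit XP, kernel space starts here.
KERNEL_BASE = 0x80000000

# Constructed sample: a few lines copied from the GMER log posted above.
SAMPLE_GMER = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823DD2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8447C4C] spoi.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8447CA0] spoi.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8417040] spoi.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8427048] spoi.sys
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\a93phj9o.SYS[ntoskrnl.exe!KeSetEvent] 50016A40

---- Devices - GMER 1.0.15 ----
"""

# image path has no spaces or '[' ; import is "module!function";
# then either "[addr] owner.sys" (resolved) or a bare hex value (unresolved).
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>[^\[\s]+)\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>\S+)|(?P<raw>[0-9A-Fa-f]+))\s*$"
)


def image_name(path):
    """Strip the directory part of a backslash-separated GMER image path."""
    return path.rsplit("\\", 1)[-1]


def parse_iat(text):
    """Return one dict per IAT record; other record types and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        if d["owner"]:
            kind = "redirected"
            value = int(d["addr"], 16)
        else:
            value = int(d["raw"], 16)
            kind = "unattributed" if value >= KERNEL_BASE else "not_a_pointer"
        entries.append({
            "image": image_name(d["image"]),
            "import": f'{d["module"]}!{d["func"]}',
            "value": value,
            "owner": d["owner"],
            "kind": kind,
        })
    return entries


def hooks_by_owner(entries):
    """How many import slots each module has redirected to itself."""
    return Counter(e["owner"] for e in entries if e["kind"] == "redirected")


def suspicious_images(entries):
    """Images whose IAT holds values that cannot be kernel pointers, with counts."""
    return dict(Counter(e["image"] for e in entries if e["kind"] == "not_a_pointer"))


def summarize(text):
    """One-shot triage summary for a pasted GMER log."""
    entries = parse_iat(text)
    return {
        "total": len(entries),
        "by_kind": dict(Counter(e["kind"] for e in entries)),
        "by_owner": dict(hooks_by_owner(entries)),
        "suspicious_images": suspicious_images(entries),
    }


if __name__ == "__main__":
    for key, val in summarize(SAMPLE_GMER).items():
        print(f"{key}: {val}")
```

Running it on the full log rather than the sample would list every module that redirected kernel imports and single out the driver whose import table holds values that are not kernel addresses, which is the first thing to check against the Devices and Registry sections before deciding whether a driver belongs to installed software or not.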

Re: Probable Malware

Post by ste_95 » Sun Jun 28, 2009 2:52 pm

Download Avenger
Extract it to a folder of your choice
Run the avenger.exe file with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\System32\Drivers\a93phj9o.SYS


Uncheck the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer restarts, copy and paste here the contents of the Notepad file that will appear.

If Avenger reports an error, try retyping the first line (Files to delete:) manually, remembering the colon.
«Sometimes it is better to keep silent and seem foolish than to open one's mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Probable Malware

Post by bombolo..tp » Sun Jun 28, 2009 7:07 pm

Good, I've done everything, now everything starts normally... here is the file.....

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\System32\Drivers\a93phj9o.SYS" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\a93phj9o.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
bombolo..tp
New Member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am

Re: Probable Malware

Post by ste_95 » Sun Jun 28, 2009 10:25 pm

So you don't have any more problems?
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Probable Malware

Post by bombolo..tp » Sat Jul 04, 2009 10:57 am

Far from it..... When Windows starts, explorer doesn't start..... I have to start it manually with New Task in Task Manager.... Why???? Can't you see anything in the files I sent you????

Bye, see you soon
bombolo..tp
New Member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am

Re: Probable Malware

Post by ste_95 » Sat Jul 04, 2009 11:00 am

All rather strange...
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Probable Malware

Post by bombolo..tp » Sat Jul 04, 2009 5:09 pm

ComboFix 09-06-25.06 - Davide 26/06/2009 14.34.58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.302 [GMT 2:00]
Eseguito da: c:\documents and settings\Davide\Desktop\ComoFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\csrcs.exe
c:\windows\system32\drivers\MSIVXqkuupifplfumpegkylviwrxlgfaflchq.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXjbyxpsukpvlavhujtmvksyihsumavxmj.dll
c:\windows\system32\MSIVXncabkmlsowjddyloxfewgwdjtacarwia.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Creati Da 2009-05-26 al 2009-06-26 )))))))))))))))))))))))))))))))))))
.

2009-06-26 10:05 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-06-26 10:05 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-06-26 09:08 . 2009-06-26 09:08 -------- d-----w- c:\programmi\Trend Micro
2009-06-26 09:00 . 2009-06-26 09:01 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\GetRightToGo
2009-06-25 09:33 . 2009-06-25 22:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\BitTorrent
2009-06-25 09:32 . 2009-06-25 09:32 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\DNA
2009-06-25 09:32 . 2009-06-26 09:10 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DNA
2009-06-25 09:32 . 2009-06-26 08:50 -------- d-----w- c:\programmi\DNA
2009-06-25 09:32 . 2009-06-25 09:32 -------- d-----w- c:\programmi\BitTorrent
2009-06-24 16:08 . 2009-06-24 16:08 -------- d-----w- c:\programmi\PostgreSQL
2009-06-24 15:31 . 2009-06-25 09:23 -------- d-----w- c:\programmi\PokerTracker 3
2009-06-24 15:16 . 2009-06-24 15:17 -------- d-----w- c:\programmi\SharkScope
2009-06-24 14:58 . 2009-06-24 14:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-24 14:41 . 2009-06-24 16:03 349 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\postgresinstall.bat
2009-06-23 12:07 . 2003-11-04 13:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-23 12:07 . 2004-01-12 00:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-21 22:17 . 2009-06-21 22:17 -------- d-----w- c:\programmi\GiocoDigitale
2009-06-21 21:58 . 2009-06-21 21:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-21 21:58 . 2009-06-26 08:51 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\skypePM
2009-06-21 21:56 . 2009-06-26 12:09 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Skype
2009-06-21 21:56 . 2009-06-21 21:56 -------- d-----w- c:\programmi\File comuni\Skype
2009-06-21 21:55 . 2009-06-21 21:56 -------- d-----r- c:\programmi\Skype
2009-06-21 21:55 . 2009-06-21 21:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-06-18 12:54 . 2009-06-18 13:06 -------- d-----w- c:\programmi\PartyGaming.Net
2009-06-16 10:50 . 2009-06-16 12:20 -------- d-----w- c:\programmi\Holdem Indicator
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\gtk-2.0
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Davide\.thumbnails
2009-06-14 17:47 . 2009-06-14 17:50 -------- d-----w- c:\documents and settings\Davide\.gimp-2.6
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\documents and settings\Davide\.gegl-0.0
2009-06-11 18:49 . 2009-06-11 18:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 11:45 . 2009-06-11 11:45 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Stardock
2009-06-11 07:27 . 2009-06-11 07:27 -------- d-----w- c:\windows\ie8updates
2009-06-10 18:54 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 18:54 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 18:54 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 18:54 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 16:37 . 2009-06-09 16:37 -------- d-----w- c:\programmi\R
2009-06-09 16:33 . 2009-06-24 15:16 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Tinn-R
2009-06-09 16:32 . 2009-06-09 16:32 -------- d-----w- c:\programmi\Tinn-R
2009-06-07 13:36 . 2009-06-07 14:22 -------- d-----w- c:\programmi\Poker Indicator
2009-06-05 11:56 . 2009-06-05 11:56 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Help
2009-06-04 21:46 . 2009-06-04 21:46 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\PokerStrategyElephant
2009-06-04 21:29 . 2009-06-04 21:46 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\PokerStrategy
2009-06-04 21:24 . 2009-06-04 21:24 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\ICMTrainer
2009-06-04 12:19 . 2009-06-04 12:19 -------- d-----w- c:\programmi\Visual Integrity
2009-06-04 12:10 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-04 12:10 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-04 12:10 . 2009-06-04 12:10 -------- d-----w- C:\CanoScan
2009-06-04 12:10 . 2001-12-25 14:13 487424 ----a-w- c:\windows\system32\D125UFW.DLL
2009-06-04 12:10 . 2001-11-01 14:58 503808 ----a-w- c:\windows\system32\D125WUD.DLL
2009-06-04 12:10 . 2001-11-01 14:58 118784 ----a-w- c:\windows\system32\D125WIMG.DLL
2009-06-04 12:10 . 2001-10-03 19:47 393264 ----a-w- c:\windows\system32\D125UR.DAT
2009-06-04 12:10 . 2001-09-27 13:31 729088 ----a-w- c:\windows\system32\D125UAG.DLL
2009-06-04 12:10 . 2001-04-11 00:10 327740 ----a-w- c:\windows\system32\UCS32P.DLL
2009-06-04 12:10 . 1998-06-16 23:14 45056 ----a-w- c:\windows\system32\CANOIT32.EXE
2009-06-04 12:10 . 1998-06-16 23:14 119808 ----a-w- c:\windows\system32\ITLIB32.DLL
2009-06-04 09:54 . 2009-06-04 10:33 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\ICMTrainerLight
2009-06-04 09:52 . 2009-06-04 21:41 -------- d-----w- c:\programmi\PokerStrategy
2009-06-03 18:30 . 2009-06-03 18:30 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Drag_&_Air_S.n.c
2009-06-03 17:31 . 2009-06-12 16:21 -------- d-----w- c:\programmi\Burraconline
2009-05-28 22:08 . 2009-05-28 22:08 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\In_The_Money_LLC
2009-05-28 22:07 . 2009-05-29 08:39 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\In The Money
2009-05-28 22:07 . 2009-05-28 22:07 -------- d-----w- c:\programmi\In The Money

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 12:30 . 2009-04-15 07:44 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Free Download Manager
2009-06-25 23:21 . 2009-03-28 13:28 -------- d-----w- c:\programmi\PokerStars.IT
2009-06-25 14:56 . 2009-04-25 09:51 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\mIRC
2009-06-25 14:54 . 2009-04-25 09:51 -------- d-----w- c:\programmi\mIRC
2009-06-24 17:15 . 2009-04-05 13:41 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\U3
2009-06-24 17:01 . 2009-04-25 10:52 1 ----a-w- c:\documents and settings\Davide\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-24 16:40 . 2009-04-15 08:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-24 14:51 . 2009-06-24 14:45 2269 ----a-w- c:\documents and settings\All Users\Dati applicazioni\sortedcards.tmp
2009-06-24 14:46 . 2009-06-24 14:46 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\playercachelines.tmp
2009-06-16 16:29 . 2009-05-20 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-06-12 19:47 . 2009-04-15 08:53 -------- d-----w- c:\programmi\Microsoft Works
2009-06-11 10:09 . 2009-04-25 14:20 -------- d-----w- c:\programmi\BobsTrackBuilder
2009-06-11 10:07 . 2004-03-16 08:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-03 14:42 . 2004-03-16 06:29 75474 ----a-w- c:\windows\system32\perfc010.dat
2009-06-03 14:42 . 2004-03-16 06:29 451016 ----a-w- c:\windows\system32\perfh010.dat
2009-05-28 16:34 . 2009-03-28 12:07 45400 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-28 16:34 . 2009-03-28 12:07 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-28 16:34 . 2009-03-28 12:07 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-27 12:18 . 2009-05-27 12:18 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-05-23 14:41 . 2009-05-23 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GiocoDigitale
2009-05-23 13:07 . 2009-03-28 15:27 -------- d-----w- c:\programmi\Google
2009-05-20 11:50 . 2009-05-20 11:50 -------- d-----w- c:\programmi\Windows Live
2009-05-20 11:50 . 2009-05-20 11:50 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-05-20 11:50 . 2009-03-28 14:51 -------- d-----w- c:\programmi\MSN Messenger
2009-05-16 11:47 . 2009-04-09 12:09 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-13 12:29 . 2009-04-16 10:38 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\vlc
2009-05-13 05:02 . 2004-03-16 06:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 11:59 . 2009-04-17 20:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-10 11:56 . 2009-05-08 22:17 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools Lite
2009-05-10 11:55 . 2009-05-10 11:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools
2009-05-10 11:55 . 2009-05-10 11:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools Pro
2009-05-10 11:54 . 2009-05-10 11:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-05-10 11:53 . 2009-05-10 11:53 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-05-10 11:53 . 2009-05-10 11:53 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-05-09 16:06 . 2009-05-09 16:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2009-05-08 22:18 . 2009-05-08 22:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 15:32 . 2004-03-16 06:28 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:47 . 2009-05-03 09:02 -------- d-----w- c:\programmi\EPSON
2009-04-25 13:21 . 2009-03-28 14:32 73400 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-19 19:47 . 2004-03-16 06:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 14:58 . 2009-04-24 13:56 103424 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58 . 2009-04-24 13:56 954368 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58 . 2009-04-24 13:56 344064 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58 . 2009-04-24 13:56 1161626 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58 . 2009-04-24 13:56 65536 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58 . 2009-04-24 13:56 71652 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58 . 2009-04-24 13:56 4579328 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58 . 2009-04-24 13:56 4534272 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58 . 2009-04-24 13:56 131868 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-15 14:52 . 2004-03-16 06:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 23:45 . 2009-04-12 23:45 0 ----a-w- c:\windows\nsreg.dat
2009-04-09 12:48 . 2004-03-16 06:38 77543 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-28 15:37 . 2009-03-28 15:37 135 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-03-28 15:13 . 2009-03-28 15:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-28 15:13 . 2009-03-28 15:13 152576 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-25 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-10 335872]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-06-18 151552]
"CeEPOWER"="c:\programmi\TOSHIBA\Power Management\CePMTray.exe" [2004-02-19 135168]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2004-02-19 638976]
"EzButton"="c:\programmi\EzButton\EzButton.EXE" [2004-01-12 712704]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-02-19 53248]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-03-28 266497]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\qsb.exe" [2009-03-28 68592]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2003-11-19 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [28/03/2009 14.07.35 22360]
R0 BatteryChecker;Battery Checker Driver;c:\windows\system32\drivers\BtryChkr.sys [16/03/2004 12.26.23 5392]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [28/03/2009 14.07.35 45400]
S2 gupdate1c9b0678e03bee0;Servizio di Google Update (gupdate1c9b0678e03bee0);c:\programmi\Google\Update\GoogleUpdate.exe [29/03/2009 14.11.55 133104]
S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Programmi/PostgreSQL/8.3/data" -w --> C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-29 12:11]

2009-06-26 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-fsm - (no file)
HKLM-Run-Battery Checker - c:\program files\TOSHIBA\Battery Checker\BtryChkr.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Connection Wizard,ShellNext = hxxp://www.tele2internet.it/
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?dfe1bed07eb94e8181d6b0bd0150ce1c
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?dfe1bed07eb94e8181d6b0bd0150ce1c
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Programmi/PostgreSQL/8.3/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Programmi/PostgreSQL/8.3/data\" -w"
.
Ora fine scansione: 2009-06-26 14.48.18
ComboFix-quarantined-files.txt 2009-06-26 12:47

Pre-Run: 13.941.383.168 byte disponibili
Post-Run: 14.484.078.592 byte disponibili

259 --- E O F --- 2009-06-16 17:38

I ran the scan a few days ago and forgot to post it.....have a look....
bye

Re: Probable Malware

Post by ste_95 » Sat Jul 04, 2009 5:12 pm

And do you still have the same problems even after the ComboFix scan? Combo removed a lot of junk, and I don't see anything else...
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

Re: Probable Malware

Post by bombolo..tp » Sat Jul 04, 2009 9:06 pm

......But could it be that I deleted some system file....I don't understand......!!!! As soon as I have a bit more time I'll run the scan again.....dunno..Thanks anyway

Re: Probable Malware

Post by Roberto88 » Sat Jul 04, 2009 10:36 pm

Also try downloading TuneUp Utilities 2009, update it, and in the "solve problems" section use DiskDoctor, ticking the radio button below the option that is already selected automatically; after the whole process, see whether anything has improved (the program checks the system files for possible errors and more).
within the truth of evil and good there's more than you see
....much more than you should