Condividi:        

aocj1.exe

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi Dylan666 » 03/09/06 19:24

non saprei, prova con i vai antivirus e antispyware gratis a partire da spybot e ad-aware
Avatar utente
Dylan666
Moderatore
 
Post: 39988
Iscritto il: 18/11/03 16:46

Sponsor
 

Postdi tessy » 05/09/06 01:21

CE L'HO FATTA!!!!!!!

ciao ho trovato il vostro aiuto rassicurante ma purtroppo il virus non m è andato via così cercando cercando ho trovato qst aiuto. il problema al momento sembra risolto...dovendo fare la procedura "tosta" probabilmnente è andato tutto a buon fine dato che il pc si accende ed io nn sn una espertissima di elimina\cerca, e ovviamnete ho sempre paura a mettere le mani sul pc. cmq la consiglio a chi ancora nn ha debellato il male del pc!

http://steven.altervista.org/ ed cliccare sul link ELIMINARE LINKOPTIMIZER
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

linkoptimizer risolto soluzione

Postdi Dylan666 » 05/09/06 02:54

Grazie per aver segnalato la soluzione ;)
Per i casi futuri segnaliamo questo removing tool che dovrebbe rendere tutto più semplice e automatico
http://www.pc-facile.com/news/quando_ar ... /44838.htm
Avatar utente
Dylan666
Moderatore
 
Post: 39988
Iscritto il: 18/11/03 16:46

Re: linkoptimizer risolto soluzione

Postdi andorra24 » 05/09/06 06:17

Dylan666 ha scritto:Per i casi futuri segnaliamo questo removing tool che dovrebbe rendere tutto più semplice e automatico
http://www.pc-facile.com/news/quando_ar ... /44838.htm

ehm...scusa dylan ma in quel link non c'e' nessun tool di rimozione. E' soltanto una scheda tecnica sul linkoptimizer fatta dalla Symantec. L'unico tool di rimozione attualmente esistente e' quello che si trova nel mio topic in sticky ma purtroppo anche lui sembra che non funzioni come si auspicava.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 05/09/06 07:31

tessy ha scritto:CE L'HO FATTA!!!!!!!

ciao ho trovato il vostro aiuto rassicurante ma purtroppo il virus non m è andato via così cercando cercando ho trovato qst aiuto. il problema al momento sembra risolto...dovendo fare la procedura "tosta" probabilmnente è andato tutto a buon fine dato che il pc si accende ed io nn sn una espertissima di elimina\cerca, e ovviamnete ho sempre paura a mettere le mani sul pc. cmq la consiglio a chi ancora nn ha debellato il male del pc!

http://steven.altervista.org/ ed cliccare sul link ELIMINARE LINKOPTIMIZER

Ciao, se vuoi fare una verifica:
scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 06/09/06 02:35

Ciao, se vuoi fare una verifica:
scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.[/quote]

ECCO A VOI ditemi se c sono anomalie, io qualcuna ne ho riscontrata...al momento di poco conto...

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-06 03:31:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 853A55D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [EEBA32A0] vsdatant.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 853A5C78
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 853A5C78
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 853A5C78
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 853A5C78
Device \Driver\NetBT \Device\NetBT_Tcpip_{D62ACDDE-BE44-4A9A-8CDA-6248884F08C4} IRP_MJ_CREATE 85209478
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [EEBA32A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 853A5EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 853A5EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 85138C70
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 84E45268
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 84E45268
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 85138C70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85209478
Device \Driver\00000064 \Device\0000004a IRP_MJ_SYSTEM_CONTROL [F778AEA8] sptd.sys
Device \Driver\00000064 \Device\0000004a IRP_MJ_DEVICE_CHANGE [F779EA70] sptd.sys
Device \Driver\00000064 \Device\0000004a IRP_MJ_PNP_POWER [F7797728] sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85209478
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [EEBA32A0] vsdatant.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 853A5808
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 84FADEB0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [EEBA32A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [EEBA32A0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 84FADEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 84FADEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 8521DDB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 8521DDB8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 853A5EB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 84E4F0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2DA8E454-CA7F-4340-AD78-9933CAF1D80B} IRP_MJ_CREATE 85209478
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 850250E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 850250E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 84F6D668
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 84EE40E8

---- Files - GMER 1.0.10 ----

File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-06 03:32:52
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitD:\WINDOWS\system32\userinit.exe,, = D:\WINDOWS\system32\userinit.exe,,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
igfxcui@DLLName = igfxsrvc.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
6to4 /*Servizio helper IPv6*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Irmon /*Monitor infrarossi*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
vsmon /*TrueVector Internet Monitor*/@ = D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
WebFdy /*WebFdy*/@ = "D:\Programmi\File comuni\System\DOB.exe"
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@mmtaskD:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe = D:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
@IgfxTrayD:\WINDOWS\system32\igfxtray.exe = D:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsD:\WINDOWS\system32\hkcmd.exe = D:\WINDOWS\system32\hkcmd.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NeroFilterCheckD:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = D:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@QuickTime Task"D:\Programmi\QuickTime\qttask.exe" -atboottime = "D:\Programmi\QuickTime\qttask.exe" -atboottime
@avgnt"D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@Zone Labs Client"D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
RunOnceEx@ = /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = D:\WINDOWS\service32.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayD:\WINDOWS\system32\stobject.dll = D:\WINDOWS\system32\stobject.dll
@UPnPMonitorD:\WINDOWS\system32\upnpui.dll = D:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = D:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/D:\WINDOWS\system32\hticons.dll = D:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/D:\WINDOWS\system32\cryptext.dll = D:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/D:\WINDOWS\system32\cryptext.dll = D:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/D:\WINDOWS\system32\NETSHELL.dll = D:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/D:\WINDOWS\system32\NETSHELL.dll = D:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/D:\WINDOWS\system32\remotepg.dll = D:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/D:\WINDOWS\system32\wshext.dll = D:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/D:\Programmi\File comuni\System\Ole DB\oledb32.dll = D:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/D:\WINDOWS\system32\mstask.dll = D:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/D:\WINDOWS\system32\mstask.dll = D:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/D:\WINDOWS\system32\mstask.dll = D:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/D:\WINDOWS\system32\wuaucpl.cpl = D:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/D:\WINDOWS\system32\twext.dll = D:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/D:\WINDOWS\system32\twext.dll = D:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/D:\WINDOWS\system32\sendmail.dll = D:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/D:\WINDOWS\system32\sendmail.dll = D:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/D:\WINDOWS\system32\shimgvw.dll = D:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/D:\WINDOWS\system32\shimgvw.dll = D:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/D:\WINDOWS\system32\shimgvw.dll = D:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/D:\WINDOWS\system32\extmgr.dll = D:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/D:\WINDOWS\system32\msieftp.dll = D:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/D:\WINDOWS\system32\docprop2.dll = D:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/D:\WINDOWS\msagent\agentpsh.dll = D:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/D:\WINDOWS\system32\dfsshlex.dll = D:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/D:\Programmi\Outlook Express\wabfind.dll = D:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/D:\WINDOWS\system32\wmpshell.dll = D:\WINDOWS\system32\wmpshell.dll
@{0C911D02-2401-11D3-85AF-006097B47542} /*TD Extract Image*/(null) =
@{E9D1074F-FC7A-4986-BCAD-322D206D97FF} /*TT Pro/E Extract Image*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = D:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/D:\Programmi\MSN Messenger\fsshext.8.0.0787.00.dll = D:\Programmi\MSN Messenger\fsshext.8.0.0787.00.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/D:\WINDOWS\system32\upnpui.dll = D:\WINDOWS\system32\upnpui.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.libero.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = D:\WINDOWS\system32\urlmon.dll
deflate@CLSID = D:\WINDOWS\system32\urlmon.dll
gzip@CLSID = D:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = D:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = D:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = D:\WINDOWS\system32\urlmon.dll
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
file@CLSID = D:\WINDOWS\system32\urlmon.dll
ftp@CLSID = D:\WINDOWS\system32\urlmon.dll
gopher@CLSID = D:\WINDOWS\system32\urlmon.dll
http@CLSID = D:\WINDOWS\system32\urlmon.dll
https@CLSID = D:\WINDOWS\system32\urlmon.dll
its@CLSID = D:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = D:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = D:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = D:\WINDOWS\system32\itss.dll
msnim@CLSID = D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = D:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

D:\Documents and Settings\teresa\Menu Avvio\Programmi\Esecuzione automatica = Stop Dialers.lnk

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Kodak EasyShare software.lnk = Kodak EasyShare software.lnk
KODAK Software Updater.lnk = KODAK Software Updater.lnk

---- EOF - GMER 1.0.10 ----
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 06/09/06 07:04

Ciao, c'è rimasto il servizio e l'eseguibile.
Scarica questo:
http://www.prevx.com/GromozonRemoval
con le aplicazioni e programmi chiusi, lo esegui. Al riavvio del computer, il programma terminerà la scansione delle altre cartelle di windows.
Allega in un post il report delo scan che, mi pare, troverai in C:\.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 06/09/06 12:12

ecco a te...

Armada.exe loaded into memory
Gromozon rootkit not found - scanning for other components...Unexpected Error (0x03) - Skipping rootkit file deletion
Scanning: D:\WINDOWS
Scanning: D:\Programmi\File comuni


Trojan.Gromozon Removed!
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 06/09/06 12:18

Ciao, rieseguilo, non ha trovato niente.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 06/09/06 12:45

ciao qnd lo avvio m fa riavviare il pc e da pc riavviato (nn so se cn tutte le applicazioni) fa la scansione...questo è quello che fa sempre...e quello è il log....
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 06/09/06 14:31

Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\WebFdy


Files to delete:
D:\Programmi\File comuni\System\DOB.exe



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Posta il log di Avenger (C:/avenger.txt) con l´esito dello script

Controlla se nella cartella D:\Programmi\File comuni\System si trovano altri file .exe di colore verde.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 06/09/06 15:55

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rxoncrxu

*******************

Script file located at: \??\D:\vafarcbr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WebFdy deleted successfully.
File D:\Programmi\File comuni\System\DOB.exe deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi tessy » 06/09/06 15:59

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rxoncrxu

*******************

Script file located at: \??\D:\vafarcbr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WebFdy deleted successfully.
File D:\Programmi\File comuni\System\DOB.exe deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


si c sono 5 file verdi
-bulj
-fwiq
-giu
-ruwgmg
-zug

che devo fare?
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 07/09/06 10:21

Ciao, è andato a buon fine.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 07/09/06 10:37

Ciao, scusa non avevo visto la fine del post.

Riavvia venger e inserisci questo script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Files to delete:
D:\Programmi\File comuni\System\bulj.exe
D:\Programmi\File comuni\System\fwiq,exe
D:\Programmi\File comuni\System\giu.exe
D:\Programmi\File comuni\System\ruwgmg.exe
D:\Programmi\File comuni\System\zug.exe

Ripeti poi la procedura di eliminazione. Verifica, prima di attivare la procedura, che il nome dei file sia corretto.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 07/09/06 12:33

guarda qui....
nn capisco perchè il dll nn riesce a cancellarlo...

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cyyjugkl

*******************

Script file located at: \??\D:\Documents and Settings\itftorgc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\Programmi\File comuni\System\buLJ.exe deleted successfully.
File D:\Programmi\File comuni\System\FWIQ.exe deleted successfully.
File D:\Programmi\File comuni\System\gIu.exe deleted successfully.
File D:\Programmi\File comuni\System\RuwGmg.exe deleted successfully.
File D:\Programmi\File comuni\System\ZUg.exe deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 07/09/06 12:56

Ciao, tutti i file inseriti li hai eliminati, di quale dll parli?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tessy » 07/09/06 12:59

Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

è ok?
tessy
Utente Junior
 
Post: 68
Iscritto il: 11/09/04 18:46

Postdi Luke57 » 07/09/06 14:11

Ciao, yes ;)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Precedente

Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 27 ospiti