| Precedente :: Successivo |
| Autore |
Messaggio |
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
 Inviato: 30 Mag 2007 20:22 Oggetto: problema installazione causa file avgamsvr.exe |
 |
|
ho un gorsso problema: non si installa nessun antivus di nessun tipo e nex versione. ho fatto una scansione online cion panda,usato i file consigliati dal sito di avg stesso,usato rogueremover,cancellato file temp e cookie ecc.. niente dafare! ho pure cancellato le voci sospette di hijackthis!
post il file di jijacthis, magari poetete trovare la soluzione senza formattare!
saluti a tutti
Logfile of HijackThis v1.99.1
Scan saved at 20.12.59, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\DOCUME~1\Nadia\IMPOST~1\Temp\Rar$EX01.908\HijackThis.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Nadia\IMPOST~1\Temp\Rar$EX00.752\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Programmi\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe |
|
| Top |
|
 |
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 30 Mag 2007 20:45 Oggetto: |
|
|
ciao, benvenuto/a! 
sembrerebbe l'infezione da Bagle...
sarebbe più utile il log di Panda.. 
scarica Gmer, avvialo, clicca su tab Rootkit e poi Scan
finito lo scan clicca su Copy, apri il blocco note di Windows e con i tasti ctrl+V incolla dentro il tuo log.
mettilo qui che li si dà un'occhiata.  |
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 30 Mag 2007 22:40 Oggetto: gmer |
|
|
grazie orange. gentilissimo
ecco qui di seguito il log di gmer.
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-30 21:41:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwCreateFile
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwQueryKey
SSDT \??\C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
ZwQuerySystemInformation
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\System32\DRIVERS\update.sys
---- Registry - GMER 1.0.12 ----
Reg
\Registry\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\C:|Program
mi|Microsoft
Office|OFFICE11|ADDINS|MSOSEC.DLL@msosec,Version="7.0.5000.0",Culture="
neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.10.3191.0"
.]gAVn-}f(ZXfeAR6.jiWhiteRabbitHidden>3w2x^IGfe?Cxl5heAvK.?
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Skype\Plugins\Plugins\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Loc
al Cache\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\ActiveX\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Browser\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\WebSearch\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\MPP\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Help\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Help\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Help\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\OLS\Locale\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\Howto\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\Templates\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\PictureTasks\Howto\images\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Updater\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\CMap\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\Font\PFM\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\Font\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Optional\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\Annotations\Stamps\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\Annotations\Stamps\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\Annotations\Stamps\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\HowTo\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\HowTo\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\SPPlugins\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Messages\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Messages\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\HowTo\ITA\Images\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\HowTo\ITA\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Esl\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Javascripts\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Legal\Adobe
Reader\7.0.0\it_IT\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Legal\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Adobe\Acrobat\7.0\Replicate\Security\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Adobe\Acrobat\7.0\Replicate\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Adobe\Acrobat\7.0\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Adobe\Acrobat\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati applicazioni\Adobe\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\Messages\ENU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\ImageViewer\en_US\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Reader\plug_ins\ImageViewer\it_IT\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Reader\plug_ins3d\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Resource\Linguistics\Providers\Proximity\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat 7.0\Resource\Linguistics\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\Mappings\Mac\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\Mappings\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\Mappings\Adobe\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\Mappings\win\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Adobe\TypeSpt\Unicode\ICU\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Adobe\Acrobat
7.0\Resource\Linguistics\LanguageNames\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\Installer\{AC76BA86-7AD7-1040-7B44-A70900000002}\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\PCHEALTH\ERRORREP\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Microsoft Shared\DW\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Microsoft Shared\DW\1040\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Microsoft\IdentityCRL\production\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Microsoft\IdentityCRL\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\winsxs\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50
727.163_x-ww_681e29fb\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\winsxs\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc
8b3b9a1e18e3b_x-ww_77c24773\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\18\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\8\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\25\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\7\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\1046\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\17\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\4\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\1028\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\10\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\12\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\11\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\20\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\9\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\16\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\29\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\6\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\31\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\22\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\MSN Messenger\Device Manager\Loc\19\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\Installer\{A511414C-4846-4630-8AC0-B156D8CB1FC0}\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Microsoft Shared\Windows Live\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\InstallShield\Driver\8\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\InstallShield\Driver\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ONDA PCSync\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\ONDA
PCSync\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\Installer\{9B26B0AA-D9EC-4542-AA11-C6DE99EF9B91}\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Microsoft\MSDAIPP\OFFLINE\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\Microsoft\MSDAIPP\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\WINDOWS\Installer\{20110409-6000-11D3-8CFE-0150048383C9}\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\Skype\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Skype\Plugin Manager\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\Skype\Plugin Manager\MLS\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\ScanSoft\PaperPort\9\Config\FolderCache\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\ScanSoft\PaperPort\9\Data\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\ScanSoft\PaperPort\9\ptdspool\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Fax\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\Computer\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\Politica\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\Vacanze\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\Vacanze\Estate\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Articoli\Vacanze\Inverno\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Estratti conto\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Estratti conto\Conto corrente\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Estratti conto\Risparmi\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Investimenti\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Investimenti\401K\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Investimenti\Obbligazioni\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Investimenti\Azioni\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\03\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\03\Ricevute\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\03\Moduli di denuncia\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\02\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\02\Ricevute\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Tasse\02\Moduli di denuncia\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Biglietti da visita\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Pagine Web\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Fotografie\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Presentazioni\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Propriet? immobiliari\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\ScanSoft\PaperPort\UserConfig\Documenti
PaperPort\Ricevute\
1
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Documents and Settings\All Users\Dati
applicazioni\ScanSoft\PaperPort\9\Config\FolderCache\Cache0\
Reg
\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\F
olders@C:\Programmi\File comuni\InstallShield\UpdateService\
|
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 30 Mag 2007 22:43 Oggetto: non ha copiato il finale,mi pare! :-) |
|
|
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Fgehzragv qv Bssvpr\Zvpebfbsg Bssvpr Qbphzrag Vzntvat.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Fgehzragv qv Bssvpr\Zvpebfbsg Bssvpr Cvpgher Znantre.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Zvpebfbsg Bssvpr Bhgybbx 2003.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Zvpebfbsg Bssvpr CbjreCbvag 2003.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Zvpebfbsg Bssvpr Choyvfure 2003.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg
Bssvpr\Zvpebfbsg Bssvpr VasbCngu 2003.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\PBQVPR CVA VACF 1? CNEGR.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\pbqvpr cva VACF PBZCYRGB (ahzreb).yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\PBQVPR CVA VACF.yax
0x13 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\0519000.yax
0x14 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\1010004.yax
0x14 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq
Frggvatf\Anqvn\Erprag\NYOHZ.yax
0x14 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq
Frggvatf\Anqvn\Qrfxgbc\ipyrnare.rkr
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Cebtenzzv\Qvny-Zrffratre\havaf
000.rkr
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Rfrphmvbar
nhgbzngvpn\Qvny-Zrffratre.yax
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Qvny-Zrffratre\Q?fvafgny
yre Qvny-Zrffratre.yax
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Qvny-Zrffratre\Qvny-Zrff
ratre.yax
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Qvny-Zrffratre
0x16 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\BAQN CPFlap\CP Flap.yax
0x17 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\BAQN CPFlap
0x17 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\NIT Serr Rqvgvba\NIT
Serr Rqvgvba Grfg Pragre.yax
0x17 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHAPCY:"P:\JVAQBJF\flfgrz32\ahfezte.pcy",
Nppbhag hgragr
0x18 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire
CEB\EbthrErzbire CEB.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire
CEB\Uryc.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire
CEB\Havafgnyy.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire\EbthrErzbir
e.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire\Uryc.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire\Havafgnyy.y
ax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq
Frggvatf\Anqvn\Qrfxgbc\vafgnyyre-31487-34-EbthrErzbire-SERR-1-18-Vgnyvn
a.rkr
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Ivqrbf.hey
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Genqhggber.hey
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Fpnevpner cebtenzzv.hey
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\Tvbpuv.hey
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire CEB
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACVQY:%pfvqy2%\EbthrErzbire
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Cebtenzzv\EbthrErzbire\havafg.
rkr
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:EbthrErzbire CEB.yax
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Cebtenzzv\EbthrErzbire
CEB\EbthrErzbireCEB.rkr
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:Genqhggber.hey
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-
9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq
Frggvatf\Anqvn\Qrfxgbc\fbsgjner\-NIT-Nagv-Ivehf-Serr-7-5--Vgnyvna.rkr
0x19 0x00 0x00 0x00 ...
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Run@drvsyskit
C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\hidr.exe
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Run@hldrrr
C:\WINDOWS\system32\hldrrr.exe
Reg
\Registry\USER\S-1-5-21-448539723-789336058-1343024091-1004\Software\Mi
crosoft\Windows\CurrentVersion\Run@german.exe
C:\WINDOWS\system32\wintems.exe
Reg
\Registry\USER\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache
@@C:\WINDOWS\system32\sti_ci.dll,-11
Acquisizione guidata immagini
Reg
\Registry\USER\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache
@@C:\WINDOWS\system32\sti_ci.dll,-11
Acquisizione guidata immagini
---- Files - GMER 1.0.12 ----
File C:\Documents and Settings\Nadia\Dati applicazioni\hidires
File C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\hidr.exe
File C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
<-- ROOTKIT !!!
File C:\Programmi\Movie Maker\Shared
File C:\Programmi\Movie Maker\Shared\Empty.txt
File C:\Programmi\Movie Maker\Shared\Filters.xml
File C:\Programmi\Movie Maker\Shared\news.png
File C:\Programmi\Movie Maker\Shared\paint.png
File C:\Programmi\Movie Maker\Shared\Profiles
File C:\Programmi\Movie Maker\Shared\Profiles\Blank.txt
File C:\Programmi\Movie Maker\Shared\Sample1.jpg
File C:\Programmi\Movie Maker\Shared\Sample2.jpg
File C:\WINDOWS\ime\shared
File C:\WINDOWS\ime\shared\res
---- Services - GMER 1.0.12 ----
Service C:\Documents and Settings\Nadia\Dati
applicazioni\hidires\m_hook.sys
[MANUAL] m_hook
<-- ROOTKIT !!!
---- EOF - GMER 1.0.12 ---- |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 31 Mag 2007 07:57 Oggetto: |
|
|
potresti gentilmente rifare il log con una formattazione un'pò migliore?
è praticamente impossibile leggerlo così....
dopo lo metti su http://www.freefilehosting.net/ e qui metti solamente il link per poterlo scaricare,
comunque da quel poco che ho capito, hai l'infezione da Bagle.
scarica questo tool (devi usare IExplorer, lo trovi in fondo della pagina linkata)
avvia il tool, assicurati che la casella "eliminare ficheros automaticamente" sia spuntata e fai lo scan completo.
alla fine dovrai riavviare il PC
rifai lo scan con Gmer dalla scheda Rootkit
posta qui il risultato del tool e il link del log di Gmer |
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 31 Mag 2007 22:21 Oggetto: problema nel problema :_( |
|
|
bene,Orange, ho fatto tutto. questo e' il link per scaricare il log di gmer..
http://www.freefilehosting.net/download/MjExNDAw 
e' il log di ieri,ovvero quello fatto PRIMA di scaricare il tool che mi hai indicato.. dopo avere lanciato il programmino,infatti,gmer non funziona piu'. ho provato piu' volte anche con la versione piu' recente.mi scrive sempre e soltanto due righe. nulla di piu'.  quindi nel link trovi il log di gmer PRIMA del lancio del tool EliBagle
ecco qui il log del tool
Thu May 31 15:58:24 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\NADIA\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\NADIA\DATI APPLICAZIONI\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Thu May 31 15:59:00 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu May 31 16:04:14 2007
EliBagle v10.40 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\ |
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 31 Mag 2007 23:08 Oggetto: gmer log autostart |
|
|
http://www.freefilehosting.net/download/MjExNDEw
Orange,questo e' il link dove trovi il file di log di gmer,cliccando su "autostart" e poi scan
ancora adesso cliccando
"rootkit" e poi scan,non ottengo che una riga |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 01 Giu 2007 18:02 Oggetto: |
|
|
ma ora riesci ad installare un antivirus?
il tool ha eliminato Bagle..
nel log ci sono voci che non mi piacciono...
prova a fare una scansione on-line con Kaspersky, o rifai quella con Panda
metti qui il risultato |
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 08 Giu 2007 13:43 Oggetto: scusa del ritardo |
|
|
scusami Orange per il ritardo nella risposta
nel frattempo ho riutilizzato per sicurezza Elibagle,e sono riuscito ad installare (finalmente) l'antivirus
Ho fatto una scansione completa con Panda,ecco il risultato
C:\Documents and Settings\Nadia\Cookies\nadia@overture[2].txt
Spyware:Cookie/Overture Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@perf.overture[1].txt
Spyware:Cookie/Server.iad.Liveperson Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@serving-sys[1].txt
Spyware:Cookie/Statcounter Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@tribalfusion[2].txt
Spyware:Cookie/Xiti Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@xiti[1].txt
Spyware:Cookie/Zedo Non Disinfettato C:\Documents and Settings\Nadia\Cookies\nadia@zedo[2].txt
Virus:Malware Generic Disinfettato C:\Documents and Settings\Nadia\Desktop\file nuovi\lo sapevo.zip[Eccomi.exe]
Hacktool:Exploit/LoadImage Non Disinfettato C:\Documents and Settings\Nadia\Impostazioni locali\Temporary Internet Files\Content.IE5\OTQVKHI7\czq[1].ani
dopo avre preso visione del log di Panda.ho cancellato tutti i cookie e i file temporanei e quell'exe segnato come virus |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 08 Giu 2007 17:47 Oggetto: Re: scusa del ritardo |
|
|
| leonardione ha scritto: | | dopo avre preso visione del log di Panda.ho cancellato tutti i cookie e i file temporanei e quell'exe segnato come virus |
 bravo, bella mossa!
quindi, direi che sei a posto! (sempre se non ci siano altri problemi... ) |
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 08 Giu 2007 18:59 Oggetto: tutto bene |
|
|
Altri problemi no ,orange 
Quel Bagle mi ha dato problemi per giorni e notti,ma il programmino che mi hai consigliato e' stato veramente di grande aiuto,eliminando il problema semplicemente e senza fatica.
Mi preoccupava un tuo messaggio precedente,dopo dicevi che non ti piaceva il log di hijacthis
Se anche per te ora e' tutto perfetto,non mi resta che ringraziarti vivamente per tutto l'aiuto che mi hai dato ,specialmente perche' gratuito !
Grazie vivamente per tutto  |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 08 Giu 2007 19:05 Oggetto: Re: tutto bene |
|
|
| leonardione ha scritto: | | Se anche per te ora e' tutto perfetto,non mi resta che ringraziarti vivamente per tutto l'aiuto che mi hai dato ,specialmente perche' gratuito ! |
aspetta, la fattura ti arriva direttamente a domicilio 
mi fà piacere che hai risolto!
|
|
| Top |
|
|
leonardione
Mortale devoto
Registrato: 30/05/07 20:09
Messaggi: 8
|
| Inviato: 09 Giu 2007 04:27 Oggetto: stretta di mano |
 |
|
grazie a te.
Una calorosa stretta di mano e ,se potessi farlo,una raccomandazione per essere BEATA 
edit by bdoriano
|
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
