
Topic: Hi gentlemen! I think I've found something for you!

  1. #1
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    Hi gentlemen! I think I've found something for you!

    Recently I've changed my AntiVirus from PandaPlatinum 2007 to the Kaspersky Internet Sec 6.0.2.614 and I think it's better.
    After a complete sys scan and a standard spring cleaning, I've noticed an unusual behaviour when I click on the link of my hard drive on the desktop: kaspy alerts me about a Risk Invader by a file named fjijmstv.log placed in c:\windows\system32.

    Flashback:
    Yesterday I was trying to remove a dialer and following some indications I reached HijackThis.
    Well, when I tried to open your homepage and any other page that contains something about HijackThis, IE automatically closed any windows.
    OK, so I downloaded HijackThis from emule, but when I tried to unpack it... the program closes.
    OK again, so right click and unpack here. Now I have the folder but I cannot open it, because if I try opening... it closes!
    So I made one more try. 2 clicks on the HD icon on the desk, Kaspy alerts me about the intrusion of fjijmstv.log. I have 3 options: terminate, do not allow, let it run.
    Only when I chose the 2nd does the process fjijmstv.log appear in the task manager\process list, and after I've stopped all the chain process from there, I was able to open everything connected to HijackThis.
    I run it and I fix something (I'll put my old and my new Hijack logfiles) but fjijmstv.log is still there and has control of my movements.

    Today:
    Using Kaspy I put fjijmstv.log in quarantine and I scan it, this is the result:
    Quarantena
    ----------
    Analizzati: 3
    Rilevati: 0
    Non isolati: 0
    Ora di inizio: 23/05/2007 9.15.18
    Durata: 00.00.01
    Ora di fine: 23/05/2007 9.15.19


    Eventi
    ------
    Ora Nome Stato Motivo
    --- ---- ----- ------
    23/05/2007 9.15.18 File: C:\WINDOWS\SYSTEM32\fjijmstv.log file compresso PE_Patch.UPX
    23/05/2007 9.15.18 File: C:\WINDOWS\SYSTEM32\fjijmstv.log//PE_Patch.UPX file compresso UPX
    23/05/2007 9.15.19 File: C:\WINDOWS\SYSTEM32\fjijmstv.log//PE_Patch.UPX//UPX ok esaminato
    23/05/2007 9.15.19 File: C:\WINDOWS\SYSTEM32\fjijmstv.log//PE_Patch.UPX ok esaminato
    23/05/2007 9.15.19 File: C:\WINDOWS\SYSTEM32\fjijmstv.log ok esaminato


    Obviously putting this file in quarantine = removing it from c:\windows\system32

    and after the restart the sys does not restart. I successfully restored the fjijmstv.log to the system32 folder and everything is alright.

    Running regedit I found several interesting keys about fjijmstv.log but these two are more interesting:

    Windows Registry Editor Version 5.00

    First:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
    "a"="regedit\\1"
    "MRUList"="ahgifedbc"
    "b"="msconfig\\1"
    "c"="ipconfig /all\\1"
    "d"="C:\\HijackThis\\hijackthis_199.zip\\1"
    "e"="C:\\HijackThis\\HijackThis.exe\\1"
    "f"="\"C:\\Programmi\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\"\\1"
    "g"="\"C:\\Programmi\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.com\"\\1"
    "h"="explorer\\1"
    "i"="C:\\WINDOWS\\SYSTEM32\\fjijmstv.log\\1"

    Second:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
    "Debugger"="\"c:\\windows\\system32\\fjijmstv.log\""

    I tried to substitute the original fjijmstv.log, putting it in quarantine again and renaming a new fjijmstv1.log that I've made, but the sys doesn't start.

    I'd like to send you my registry but it's too big (98Mb) and I put here the HijackThis logs.
    I really hope someone here can understand and explain what's going on!

    Thanks a lot.

    Log1 (to be fixed):

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 22.31.34, on 22/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\Analog Devices\SoundMAX\smagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Programmi\eMule\emule.exe
    C:\WINDOWS\Explorer.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.rossoalice.alice.it/mail/home/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rossoalice.it
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Explorer fornito da Libero
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\lotusword.exe",
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.excite.it"); (C:\Programmi\Netscape\Users\masciuo\prefs.js)
    O1 - Hosts: 205.238.40.1 winmx.com
    O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
    O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
    O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
    O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
    O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Class - {979D95F4-3AAC-2CA6-6BD9-BCC2962538C2} - C:\WINDOWS\jiffm1.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp.exe] ccApp.exe
    O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Windows Network Controller] Win9x.exe
    O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\RunServices: [ccApp.exe] ccApp.exe
    O4 - Startup: DSLMON.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Trace with Visual Trace - C:\Programmi\VisualTrace\NTXcontext.htm
    O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAMMI\ATI MULTIMEDIA\TV\EXPLBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: McAfee Visual Trace - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Programmi\VisualTrace\NTXtoolbar.htm (HKCU)
    O9 - Extra button: Alice - {F2958227-261C-424D-A501-5CA24AF61855} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131289658740
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163438920578
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C69865F9-F37C-4B95-9578-BE912622087C}: NameServer = 85.37.17.49 85.38.28.91
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\smagent.exe
    Log2 (fixed):

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 9.43.41, on 23/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\Analog Devices\SoundMAX\smagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
    C:\WINDOWS\SYSTEM32\taskmgr.exe
    C:\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.rossoalice.alice.it/mail/home/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rossoalice.it
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Explorer fornito da Libero
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.excite.it"); (C:\Programmi\Netscape\Users\masciuo\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - Startup: DSLMON.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Trace with Visual Trace - C:\Programmi\VisualTrace\NTXcontext.htm
    O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAMMI\ATI MULTIMEDIA\TV\EXPLBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: McAfee Visual Trace - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Programmi\VisualTrace\NTXtoolbar.htm (HKCU)
    O9 - Extra button: Alice - {F2958227-261C-424D-A501-5CA24AF61855} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131289658740
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163438920578
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C69865F9-F37C-4B95-9578-BE912622087C}: NameServer = 85.37.17.49 85.38.28.91
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\smagent.exe
    Thanks again, hope to see an answer soon!
    Bye
    Edited by Karl (23.05.2007 at 19:50)
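
Added example, not part of the original post: a small offline triage script that parses a regedit export and a HijackThis log and flags the two persistence points visible in post #1, the `Image File Execution Options` `Debugger` value on `explorer.exe` and the extra program appended to `UserInit`. The sample inputs are constructed from the lines quoted in the post (the `example.exe` key is an invented benign entry), and the function names and the `CRITICAL_IMAGES` list are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Registry path (lower-cased, without the hive) under which per-image settings live.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
# Assumption: a short triage list of images tied to logon and the desktop shell.
CRITICAL_IMAGES = {"explorer.exe", "userinit.exe", "winlogon.exe", "taskmgr.exe"}
EXECUTABLE_EXTS = {".exe", ".com"}

# Constructed sample: the explorer.exe key is copied from the post,
# the example.exe key is an invented benign entry for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="\"c:\\windows\\system32\\fjijmstv.log\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"DisableHeapLookaside"="1"
'''

# Constructed sample: two lines taken from the first HijackThis log in the post.
SAMPLE_HJT = r'''R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\system32\lotusword.exe",
'''

# "name"="value" lines of a .reg export; backslash escapes \\ and \" are allowed.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_value}} for REG_SZ values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m:
                current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def command_image(cmd):
    """Extract the program path from a command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def find_ifeo_debuggers(keys):
    """List every IFEO subkey that carries a Debugger value, with reasons to review it."""
    findings = []
    for key, values in keys.items():
        parent, _, image = key.rpartition("\\")
        if not parent.lower().endswith(IFEO):
            continue
        dbg = next((v for n, v in values.items() if n.lower() == "debugger"), None)
        if dbg is None:
            continue
        target = command_image(dbg)
        reasons = []
        if image.lower() in CRITICAL_IMAGES:
            reasons.append("debugger set on logon/shell image")
        if PureWindowsPath(target).suffix.lower() not in EXECUTABLE_EXTS:
            reasons.append("debugger target has a non-executable extension")
        findings.append({"image": image, "debugger": target, "reasons": reasons})
    return findings


def extra_userinit_entries(hjt_log):
    """Return programs listed in a HijackThis F2 UserInit line besides userinit.exe."""
    extras = []
    for line in hjt_log.splitlines():
        m = re.match(r'\s*F2 - REG:system\.ini: UserInit=(.*)$', line, re.I)
        if not m:
            continue
        for entry in m.group(1).split(","):
            path = entry.strip().strip('"')
            if path and PureWindowsPath(path).name.lower() != "userinit.exe":
                extras.append(path)
    return extras


if __name__ == "__main__":
    for f in find_ifeo_debuggers(parse_reg_export(SAMPLE_REG)):
        print(f"IFEO {f['image']} -> {f['debugger']}: {'; '.join(f['reasons'])}")
    for path in extra_userinit_entries(SAMPLE_HJT):
        print(f"UserInit also starts: {path}")
```

A `Debugger` value under `Image File Execution Options` makes Windows start the named program in place of the image, so the value has to be deleted before the file it points to is removed; with the value still present and the file gone, `explorer.exe` cannot start, which matches the failed restart described in the post.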

  2. #2
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    On-line scan results:

    I successfully made a copy by using the Kaspersky quarantine and I scanned fjijmstv.log:


    Complete scanning result of "fjijmstv.log", received in VirusTotal at 05.23.2007, 12:40:14 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.23.1 05.23.2007 no virus found
    AntiVir 7.4.0.27 05.23.2007 HEUR/Crypted
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 05.22.2007 no virus found
    AVG 7.5.0.467 05.22.2007 no virus found
    BitDefender 7.2 05.23.2007 BehavesLike:Win32.ExplorerHijack
    CAT-QuickHeal 9.00 05.22.2007 no virus found
    ClamAV devel-20070416 05.23.2007 no virus found
    DrWeb 4.33 05.23.2007 no virus found
    eSafe 7.0.15.0 05.21.2007 suspicious Trojan/Worm
    eTrust-Vet 30.7.3655 05.23.2007 no virus found
    Ewido 4.0 05.23.2007 no virus found
    FileAdvisor 1 05.23.2007 no virus found
    Fortinet 2.85.0.0 05.23.2007 no virus found
    F-Prot 4.3.2.48 05.22.2007 no virus found
    F-Secure 6.70.13030.0 05.23.2007 no virus found
    Ikarus T3.1.1.8 05.23.2007 no virus found
    Kaspersky 4.0.2.24 05.23.2007 no virus found
    McAfee 5036 05.22.2007 no virus found
    Microsoft 1.2503 05.22.2007 no virus found
    NOD32v2 2286 05.23.2007 probably unknown NewHeur_PE virus
    Norman 5.80.02 05.23.2007 no virus found
    Panda 9.0.0.4 05.23.2007 no virus found
    Prevx1 V2 05.23.2007 no virus found
    Sophos 4.17.0 05.23.2007 no virus found
    Sunbelt 2.2.907.0 05.17.2007 no virus found
    Symantec 10 05.23.2007 Trojan.Linkoptimizer.B
    TheHacker 6.1.6.120 05.21.2007 no virus found
    VBA32 3.12.0 05.22.2007 no virus found
    VirusBuster 4.3.23:9 05.22.2007 no virus found
    Webwasher-Gateway 6.0.1 05.23.2007 Heuristic.Crypted


    File size: 34779 bytes
    MD5: 244f868f84b79868ae88f1e3cde86595
    SHA1: 0ba9a2cab4b61e406b4373c0fbe0a21a6ae29fd5
    packers: UPX
    packers: UPX
    packers: UPX

    --------------------------------------------------------------------------


    File: fjijmstv.log
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 244f868f84b79868ae88f1e3cde86595
    Packers detected: PE_PATCH.UPX, UPX

    Scanner results
    Scan taken on 23 May 2007 10:40:30 (GMT)
    A-Squared Found nothing
    AntiVir Found HEUR/Crypted
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found BehavesLike:Win32.ExplorerHijack (probable variant)
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found probably unknown NewHeur_PE (probable variant)
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Statistics
    Last file scanned at least one scanner reported something about: bg2ekx3oox.exe_ (MD5: 3ec3dcd8fc2db0a891187eb0a7c07cf7, size: 45056 bytes), detected by:

    Scanner Malware name
    A-Squared Email-Worm.Win32.Warezov.nh
    AntiVir WORM/Stration.YS
    ArcaVir Worm.warezov.Ne
    Avast X
    AVG Antivirus I-Worm/Stration.CWH
    BitDefender X
    ClamAV X
    Dr.Web Win32.HLLM.Limar
    F-Prot Antivirus W32/EmailWorm.JBL
    F-Secure Anti-Virus Email-Worm.Win32.Warezov.nh
    Fortinet W32/Stration.NH@mm
    Kaspersky Anti-Virus Email-Worm.Win32.Warezov.nh
    NOD32 Win32/Stration.YS
    Norman Virus Control X
    Panda Antivirus W32/Spamta.WG.worm
    Rising Antivirus X
    VirusBuster X
    VBA32 MalwareScope.Worm.Warezov.1

  3. #3
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    I think the problem is older but I'll put only the last 30days

    I only put the complete record of the first, the others will be 30days older.

    Code:
    Directory di C:\
    
    23/05/2007  11.08             1.054 fjijmstv1.reg
    23/05/2007  11.06               412 fjijmstv2.reg
    23/05/2007  09.55            19.008 C6.tmp
    23/05/2007  08.51       103.476.734 Registro al 23mag2007.reg.txt
    23/05/2007  08.51       103.476.734 Registro al 23mag2007.reg
    23/05/2007  08.42       804.446.208 pagefile.sys
    03/03/2007  11.27         4.706.104 WindowsXP-KB922760-x86-ITA.exe
    14/11/2006  00.50             2.074 Trasferimento guidato.txt
    13/11/2006  17.07               217 boot.ini
    13/11/2006  16.26        82.444.378 Registro al 13nov2006.reg
    17/10/2006  14.42           828.323 winzip.log
    28/06/2006  16.53         5.501.540 BMP25.tmp
    03/03/2006  11.25           524.288 MAUBIOS.AWD
    26/12/2005  12.42         2.024.101 11 I will follow.wma
    15/12/2005  20.33               151 liprefs.js
    28/05/2005  17.46             1.120 INSTALL.LOG
    05/02/2005  21.31             3.466 VolumeC.txt
    20/09/2004  11.26               114 DeleteAtReboot.bat
    14/09/2004  16.40               192 BcBtRmv.log
    14/09/2004  12.34            47.564 ntdetect.com
    14/09/2004  12.34           251.072 ntldr
    14/09/2004  10.50            45.933 debug.txt
    29/08/2004  14.05               512 BOOTSECT.DOS
    25/08/2004  01.01             1.834 SCANDISK.LOG
    17/08/2004  02.37                 0 ‡
    16/08/2004  16.27                 0 ati @ 819200 bps
    12/08/2004  19.09           181.866 listinoprezzi.pdf
    28/07/2004  19.20                 0 ‹
    21/07/2004  22.36                 0 t activity
    13/07/2004  11.56            75.045 marinamassa.jpg
    02/06/2004  17.37            63.758 cri.jpg
    02/06/2004  14.33               100 CONFIG.SYS
    02/06/2004  14.33               181 AUTOEXEC.BAT
    28/05/2004  18.21            31.046 16-05-04_1042.jpg
    01/05/2004  13.34                 0 i @ 50666
    05/04/2004  09.54                 0 V
    27/03/2004  20.21                 0 i @ 50666 bps
    26/03/2004  15.45               212 perform.log
    13/02/2004  14.27                84 jswx.log
    08/02/2004  19.44            85.229 PMDRV.LOG
    06/02/2004  16.38                 0 AdobeWeb.log
    26/01/2004  20.33                 0 ~
    25/12/2003  11.42            46.442 maurizio2.jpg
    16/12/2003  18.22               406 debugInstaller.txt
    14/12/2003  21.10                 0 tal, 4 running
    06/12/2003  12.33            77.776 maurizio.jpg
    15/11/2003  19.59           914.722 pop3_ita_man.zip
    12/11/2003  12.58                63 WINDOWSWinHlp32.BMK
    11/11/2003  22.37               967 Command.PIF
    09/11/2003  11.06               443 SETUPXLG.TXT
    07/11/2003  09.00                 0 ؘ5C—¨O@ؘ
    06/11/2003  20.27                 0 ؘ5C—¨uìؘ
    06/11/2003  17.15                 0 ؘ5C—¨àMؘ
    06/11/2003  17.11                 0 ؘ5C—¨gMؘ
    06/11/2003  16.38                 0 ؘ5C—¨3Bؘ
    06/11/2003  16.07             1.676 MSDOS.SYS
    06/11/2003  16.05             1.089 FRUNLOG.TXT
    06/11/2003  15.39             4.262 mmcInst.log
    06/11/2003  15.07            53.248 VIDEOROM.BIN
    31/08/2001  12.00             4.952 Bootfont.bin
    24/05/2001  12.59           162.304 UNWISE.EXE
    10/02/2000  19.30             8.608 npwmsdrm.dll
    05/05/1999  22.22           222.390 IO.SYS
                  63 File  1.109.740.002 byte
                   0 Directory   8.632.058.880 byte disponibili
    
    ----- System32 ------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\WINDOWS\system32
    
    23/05/2007  12.39            34.779 fjijmstv.log
    23/05/2007  09.54                 0 asfiles.txt
    23/05/2007  09.50             2.550 Uninstall.ico
    23/05/2007  09.50             1.406 Help.ico
    23/05/2007  09.50            30.590 pavas.ico
    22/05/2007  17.03             2.206 wpa.dbl
    28/04/2007  17.34            38.368 vsconfig.xml
    28/04/2007  17.27             4.212 zllictbl.dat
    25/03/2007  12.08           338.430 perfh010.dat
    
    ----- Prefetch ------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\WINDOWS\Prefetch
    
    23/05/2007  12.59            12.458 FIND.EXE-0F127430.pf
    23/05/2007  12.59            14.794 CMD.EXE-137A0D53.pf
    23/05/2007  12.52            55.280 NOTEPAD.EXE-08F3A979.pf
    23/05/2007  12.45           121.622 IEXPLORE.EXE-2E65FF20.pf
    23/05/2007  12.35            20.838 IMAPI.EXE-10859813.pf
    23/05/2007  12.35           101.982 EXPLORER.EXE-05416907.pf
    23/05/2007  12.35             8.184 FJIJMSTV.LOG-04BDB0B5.pf
    23/05/2007  12.35            17.902 TASKMGR.EXE-20E19D70.pf
    23/05/2007  12.12            17.846 RUNDLL32.EXE-2A22BAF7.pf
    23/05/2007  11.44            51.350 WINRAR.EXE-08F800FE.pf
    23/05/2007  11.44            20.500 VERCLSID.EXE-3B227142.pf
    23/05/2007  11.24            13.928 DUMPREP.EXE-1C032A1C.pf
    23/05/2007  11.09            26.044 ACRORD32INFO.EXE-282438F3.pf
    23/05/2007  11.04            15.980 REGEDIT.EXE-17A382F4.pf
    23/05/2007  09.54             6.092 ZBERVS.EXE-14E1B912.pf
    23/05/2007  09.51            16.812 REGSVR32.EXE-10006695.pf
    23/05/2007  09.50            13.934 RUNONCE.EXE-246F7E39.pf
    23/05/2007  09.43            42.882 HIJACKTHIS.EXE-375DC4F0.pf
    23/05/2007  09.36            14.044 DSLMON.EXE-0889CFFC.pf
    23/05/2007  09.36            10.388 QUICKDCF.EXE-0C6B51C6.pf
    23/05/2007  09.36            26.396 BTTRAY.EXE-0719201C.pf
    23/05/2007  09.36            17.090 WINCINEMAMGR.EXE-0306A185.pf
    23/05/2007  09.36            13.856 OSA9.EXE-055D8E8B.pf
    23/05/2007  09.36            11.238 E_SRCV02.EXE-1C644564.pf
    23/05/2007  09.36            13.954 ATIPTAXX.EXE-1553CB07.pf
    23/05/2007  09.36            15.732 RUNDLL32.EXE-29591ED3.pf
    23/05/2007  09.35            17.074 SWTRAYV4.EXE-0C2B8067.pf
    23/05/2007  09.35            16.536 SMTRAY.EXE-0CA942C8.pf
    23/05/2007  09.35            18.026 ADOBE GAMMA LOADER.EXE-0631B9CF.pf
    23/05/2007  09.35            72.160 AVP.EXE-04798A20.pf
    23/05/2007  09.35            12.144 SYSTRAY.EXE-1815A4B4.pf
    23/05/2007  09.35            13.348 RUNDLL32.EXE-3FD78BF4.pf
    23/05/2007  09.35            13.050 NEROCHECK.EXE-1E75D2F8.pf
    23/05/2007  09.35             8.936 QTTASK.EXE-06FC00E8.pf
    23/05/2007  09.35            14.202 REGSHAVE.EXE-2AFC9480.pf
    23/05/2007  09.33             7.652 AVP.COM-2D581F5D.pf
    23/05/2007  09.32            17.866 USERINIT.EXE-19714419.pf
    23/05/2007  09.32            13.886 ATI2EVXX.EXE-3111ABE0.pf
    23/05/2007  09.31            20.622 LOGONUI.EXE-3164D1CB.pf
    23/05/2007  09.31             8.824 WSCNTFY.EXE-314E7AE5.pf
    23/05/2007  09.25            26.380 CONTROL.EXE-01F9F0D0.pf
    23/05/2007  09.25            18.558 RUNDLL32.EXE-3A81F8EC.pf
    23/05/2007  08.44            12.546 RUNDLL32.EXE-5C5FFFE7.pf
    23/05/2007  08.44         1.047.526 NTOSBOOT-B00DFAAD.pf
    23/05/2007  01.23            65.210 WMPLAYER.EXE-05D92D3B.pf
    23/05/2007  01.20            31.610 MPLAYERC.EXE-30CA7864.pf
    23/05/2007  01.08            21.110 RUNDLL32.EXE-60F2687D.pf
    23/05/2007  01.08            21.658 RUNDLL32.EXE-333EB107.pf
    23/05/2007  01.08            21.110 RUNDLL32.EXE-5A4838E3.pf
    23/05/2007  01.08            23.114 RUNDLL32.EXE-4684EA08.pf
    23/05/2007  01.06            77.922 SPYBOTSD.EXE-1BA8AB4B.pf
    23/05/2007  01.04            21.110 RUNDLL32.EXE-4AF852E0.pf
    23/05/2007  01.03            24.416 RUNDLL32.EXE-2A225400.pf
    23/05/2007  01.03            21.110 RUNDLL32.EXE-4F000ED7.pf
    23/05/2007  01.03            21.110 RUNDLL32.EXE-6208DA60.pf
    23/05/2007  01.03            21.110 RUNDLL32.EXE-542A4E63.pf
    23/05/2007  01.03            21.110 RUNDLL32.EXE-42189883.pf
    23/05/2007  00.41            84.856 EMULE.EXE-37BAD999.pf
    23/05/2007  00.35            22.906 RUNDLL32.EXE-5B444E75.pf
    23/05/2007  00.32            21.158 RUNDLL32.EXE-63D1E303.pf
    23/05/2007  00.31            21.416 RUNDLL32.EXE-46C4D6D7.pf
    23/05/2007  00.31            21.110 RUNDLL32.EXE-37DC38AB.pf
    23/05/2007  00.31            21.110 RUNDLL32.EXE-50EAD758.pf
    23/05/2007  00.31            21.110 RUNDLL32.EXE-3D5C7ABD.pf
    23/05/2007  00.30            21.098 RUNDLL32.EXE-3A6A8460.pf
    23/05/2007  00.30            21.098 RUNDLL32.EXE-5BF1C144.pf
    23/05/2007  00.30            21.110 RUNDLL32.EXE-29933E4A.pf
    23/05/2007  00.30            21.098 RUNDLL32.EXE-6047E92B.pf
    23/05/2007  00.30            23.964 RUNDLL32.EXE-6010CE31.pf
    23/05/2007  00.29            21.110 RUNDLL32.EXE-5874D2A5.pf
    23/05/2007  00.29            21.122 RUNDLL32.EXE-5780A48C.pf
    23/05/2007  00.29            21.110 RUNDLL32.EXE-3057FD89.pf
    23/05/2007  00.17            66.478 RSTRUI.EXE-33D92DF1.pf
    23/05/2007  00.17            29.262 MSCONFIG.EXE-1501BCEB.pf
    23/05/2007  00.17            25.818 BTSTACKSERVER.EXE-2202B4F1.pf
    23/05/2007  00.17            10.652 READER_SL.EXE-3472A24F.pf
    22/05/2007  23.14            91.838 MSMSGS.EXE-2298A5EB.pf
    22/05/2007  23.14            60.726 MSIMN.EXE-2B9DBDF7.pf
    22/05/2007  23.12            12.138 RUNDLL32.EXE-440BC9BD.pf
    22/05/2007  21.31            78.432 DFRGNTFS.EXE-0F55FCE5.pf
    22/05/2007  21.31            24.270 DEFRAG.EXE-10D9C910.pf
    22/05/2007  21.31           351.908 Layout.ini
    22/05/2007  19.40            27.116 BTSENDTO_EXPLORER.EXE-2359C101.pf
    21/05/2007  23.32            12.934 ATIPRBXX.EXE-20DA9DA7.pf
    21/05/2007  01.14            24.148 BTSTAC~1.EXE-36DB18EA.pf
    21/05/2007  00.38            35.264 PLATASKS.EXE-2053DF43.pf
    20/05/2007  22.44            13.450 PSIMREAL.EXE-13C8BE44.pf
    20/05/2007  22.38            62.566 UPGRADER.EXE-0FF2C1FF.pf
    20/05/2007  22.09            34.884 AVCIMAN.EXE-06C38C37.pf
                  89 File      3.799.422 byte
                   0 Directory   8.631.933.952 byte disponibili
    
    ----- Windows -------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\WINDOWS
    
    23/05/2007  09.54             1.914 win.ini
    23/05/2007  09.50           606.842 setupapi.log
    23/05/2007  08.43                 0 0.log
    23/05/2007  08.43               157 wiadebug.log
    23/05/2007  08.43         1.757.847 WindowsUpdate.log
    23/05/2007  08.43                50 wiaservc.log
    23/05/2007  08.42             2.048 bootstat.dat
    23/05/2007  01.27            32.558 SchedLog.Txt
    23/05/2007  01.27                12 bthservsdp.dat
    23/05/2007  01.20               229 NeroDigital.ini
    22/05/2007  23.42           611.830 ntbtlog.txt
    22/05/2007  18.29            54.156 QTFont.qfn
    20/05/2007  15.12            17.110 wmsetup.log
    14/05/2007  18.40             1.409 QTFont.for
    06/03/2007  18.27             1.355 imsins.log
    
    ----- Tasks ---------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\WINDOWS\tasks
    
    23/05/2007  12.30               258 Disinstalla Promemoria scadenza.job
    23/05/2007  08.42                 6 SA.DAT
    05/05/2007  19.00               502 Avvio ottimizzazione applicazione.job
    16/08/2004  14.41               473 TASK20040816144127.job
    27/07/2001  12.22                65 desktop.ini
                   5 File          1.304 byte
                   0 Directory   8.631.917.056 byte disponibili
     
    ----- Wintemp -------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\WINDOWS\temp
    
    21/05/2007  09.35            32.768 PR5D.tmp
    28/04/2007  17.01            16.384 ~DFE366.tmp
    02/01/2007  13.56            16.384 Perflib_Perfdata_56c.dat
    28/12/2006  18.53            16.384 Perflib_Perfdata_558.dat
    
    ----- Temp ----------------------------- 
     Il volume nell'unità C è WindowsXP
     Numero di serie del volume: 0C15-E849
    
     Directory di C:\DOCUME~1\Nome\IMPOST~1\Temp
    
    23/05/2007  12.59           149.635 filelist.txt
    23/05/2007  09.55             9.255 GlaukaCommDll.log
    22/05/2007  13.32               902 TWAIN.LOG
    22/05/2007  13.32                 5 Twain001.Mtx
    22/05/2007  13.32               156 Twunk001.MTX
    21/05/2007  23.29           798.998 IMT8.xml
    21/05/2007  23.29               426 IMT7.xml
    21/05/2007  23.29             2.050 IMT6.xml
    21/05/2007  00.53         2.799.664 kl-install-2007-05-21-00-51-23.log
    21/05/2007  00.53            51.880 caevents.log
    21/05/2007  00.52                 0 kleaner.log
    21/05/2007  00.51             5.562 plf2.tmp
    21/05/2007  00.46            15.517 PavLogInst
    20/05/2007  15.12            12.818 control.xml
    20/05/2007  13.21            16.002 PSSysChk.log
    18/05/2007  23.40             2.346 pav122.tmp
    17/05/2007  20.37             3.355 wecerr.txt
    12/05/2007  21.58               150 RN7.htm
    12/05/2007  19.41             3.283 h2r3.tmp
    06/05/2007  23.03            67.186 dat133.tmp
    01/05/2007  18.20            52.294 3f91_appcompat.txt
    30/04/2007  21.43             2.989 pav14B.tmp
    28/04/2007  17.33            71.680 GLB34.tmp
    28/04/2007  17.26            29.189 GLG1D.tmp
    28/04/2007  17.26            71.680 GLB2A.tmp
    28/04/2007  17.26                 0 GLF29.tmp
    28/04/2007  17.26                 0 GLF28.tmp
    28/04/2007  17.26               315 GLF22.tmp
    28/04/2007  17.26                 0 GLF27.tmp
    28/04/2007  17.26                 0 GLF26.tmp
    28/04/2007  17.26                 0 GLF25.tmp
    28/04/2007  17.25                 0 GLF1F.tmp
    28/04/2007  17.24            33.792 GLH1B.tmp
    28/04/2007  17.24           165.376 GLC1A.tmp
    28/04/2007  17.16            26.310 GLG6.tmp
    28/04/2007  17.16                 0 GLF11.tmp
    28/04/2007  17.16               317 GLFB.tmp
    28/04/2007  17.16                 0 GLF10.tmp
    28/04/2007  17.16                 0 GLFF.tmp
    28/04/2007  17.16                 0 GLFE.tmp
    28/04/2007  17.15                 0 GLF8.tmp
    28/04/2007  17.15            33.792 GLH4.tmp
    28/04/2007  17.15           165.376 GLC3.tmp
    28/04/2007  17.15            71.680 GLB2.tmp
    28/04/2007  16.25            71.680 GLB115.tmp
    28/04/2007  16.25            71.680 GLB112.tmp
    24/04/2007  21.27           362.002 1b3f_appcompat.txt
    21/04/2007  11.42            15.554 638c_appcompat.txt
    21/04/2007  11.42             3.144 mso1A5.icm
    20/04/2007  13.05            52.294 499a_appcompat.txt
    That's all. If you want more, I'll post it.
    Thanks everybody for assistance.
    Edited by Karl (23.05.2007 at 19:52)

  4. #4
    Honorary member Karl
    Registered since
    01.12.2005
    Location
    Berlin
    Posts
    8.393

    Re: Hi gentlemen! I think I've found something for you!

    Hi,

    Go to this site and start a new thread with "New Topic"; you don't need to be registered. Fill in the fields and put a link to this thread into your message. Please copy the virustotal scan results for the following files into your message. Choose "Browse ..." to select and upload the following files.
    • c:\windows\system32\fjijmstv.log

    Click "Post". This will give our experts the chance to check these files. The bad one will be given to antivirus companies to improve their detections. Note: You won't be able to see the uploaded files, this needs special permission. Thank you.

    Load Autoruns and unzip it. Start Autoruns.exe. Press ESC to cancel the first scan. From option menu set this:
    • "Include Empty Locations" -> on (checked)
    • "Verify Code Signatures" -> on (checked)
    • "Hide Signed Microsoft Entries" -> off (unchecked)

    Press F5 for a new scan. After it is finished choose menu file "Save As" and save it for later posting.

    Load silentrunners.vbs from this site onto your desktop. Close all programs and start silentrunners. Choose "No" to the first question, the "supplementary searches" should be done. Say "yes" to the additional question. Wait until silentrunners pops up a message that it's finished. The log will be a new file on your desktop, post the contents.

    Insert before it this line
    [CODE]
    and behind it this line
    [/CODE]
    Regards, Karl

  5. #5
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    Thanks Karl

    Code:
    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"
    
    
    Startup items buried in registry:
    ---------------------------------
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Programmi\Analog Devices\SoundMAX\Smtray.exe" ["Analog Devices, Inc."]
    "SideWinderTrayV4" = "C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe" [MS]
    "REGSHAVE" = "C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
    "QuickTime Task" = ""C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
    "BtStart" = "C:\Programmi\WIDCOMM\Bluetooth Software\bin\btstart.exe" [file not found]
    "BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
    "ATIPTA" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "SystemTray" = "SysTray.Exe" [MS]
    "AVP" = ""C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                       \InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
      -> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
                       \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
      -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                       \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"
      -> {HKLM...CLSID} = "Menu Band"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"
      -> {HKLM...CLSID} = "Tracking Shell Menu"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"
      -> {HKLM...CLSID} = "Menu Site"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"
      -> {HKLM...CLSID} = "Menu Desk Bar"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"
      -> {HKLM...CLSID} = "IShellFolderBand"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "Co&llegamenti"
      -> {HKLM...CLSID} = "Co&llegamenti"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Immagine di anteprima"
      -> {HKLM...CLSID} = "Immagine di anteprima"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
      -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = (no title provided)
      -> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
                       \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
    "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
      -> {HKLM...CLSID} = "My Bluetooth Places"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {HKLM...CLSID} = "WinRAR"
                       \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Periferiche Plug and Play universali"
      -> {HKLM...CLSID} = "Periferiche Plug and Play universali"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
    "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Anti-virus web"
      -> {HKLM...CLSID} = "Anti-virus web"
                       \InProcServer32\(Default) = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
      -> {HKLM...CLSID} = "WPDShServiceObj Class"
                       \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
    
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
    
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
    <<!>> explorer.exe\Debugger = ""c:\windows\system32\fjijmstv.log"" [null data]
    
    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
      -> {HKLM...CLSID} = "PDF Shell Extension"
                       \InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
    
    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
                       \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
                       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP8\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
      -> {HKLM...CLSID} = "RtClkCtxMenu Class"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\WS_FTP PRO\WSFTPSI.DLL" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
      -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\WINACE\arcext.dll" ["e-merge GmbH"]
    
    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
                       \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
                       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP8\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
      -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\WINACE\arcext.dll" ["e-merge GmbH"]
    
    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
                       \InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
                       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP8\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
      -> {HKLM...CLSID} = "RtClkCtxMenu Class"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\WS_FTP PRO\WSFTPSI.DLL" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]
    
    
    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------
    
    Note: detected settings may not have any effect.
    
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
    
    "CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
    {unrecognized setting}
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    
    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}
    
    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}
    
    
    Active Desktop and Wallpaper:
    -----------------------------
    
    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    
    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
    
    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
    
    
    Startup items in "Nome" & "All Users" startup folders:
    ------------------------------------------------------
    
    C:\Documents and Settings\Nome\Menu Avvio\Programmi\Esecuzione automatica
    "DSLMON" -> shortcut to: "C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe" [empty string]
    
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
    "Adobe Gamma Loader" -> shortcut to: "C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Avvio veloce di Adobe Reader" -> shortcut to: "C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "BTTray" -> shortcut to: "C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
    "EPSON Status Monitor 3 Environment Check(2)" -> shortcut to: "C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE" ["SEIKO EPSON CORPORATION"]
    "Exif Launcher" -> shortcut to: "C:\Programmi\FinePixViewer\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."]
    "InterVideo WinCinema Manager" -> shortcut to: "C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
    "Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    
    
    Enabled Scheduled Tasks:
    ------------------------
    
    "Avvio ottimizzazione applicazione" -> launches: "walign" [file not found]
    "Disinstalla Promemoria scadenza" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /u /n:1" [MS]
    "TASK20040816144127" -> launches: "C:\Programmi\WS_FTP Pro\wsftppro.exe -m "C:\Programmi\File comuni\Ipswitch\WS_FTP\Scheduler\sch91B3.TMP"" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]
    
    
    Winsock2 Service Provider DLLs:
    -------------------------------
    
    Namespace Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
    
    Transport Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
    
    
    Toolbars, Explorer Bars, Extensions:
    ------------------------------------
    
    Toolbars
    
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
      -> {HKLM...CLSID} = "Yahoo! Toolbar con blocco Pop-Up"
                       \InProcServer32\(Default) = "C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
      -> {HKLM...CLSID} = "Yahoo! Toolbar con blocco Pop-Up"
                       \InProcServer32\(Default) = "C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    
    Explorer Bars
    
    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {44226DFF-747E-4EDC-B30C-78752E50CD0C}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "&ATI TV"
                       \InProcServer32\(Default) = "C:\PROGRAMMI\ATI MULTIMEDIA\TV\EXPLBAR.DLL" ["ATI Technologies Inc."]
    {75F66CD8-5E10-C2BB-30CD-7839DB012473}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "JavaScript console"
                       \InProcServer32\(Default) = "C:\WINDOWS\jiffm1.dll" [file not found]
    
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    
    HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Anti-virus web"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
    
    Extensions (Tools menu items, main toolbar menu buttons)
    
    HKCU\Software\Microsoft\Internet Explorer\Extensions\
    {9885224C-1217-4C5F-83C2-00002E6CEF2B}\
    "ButtonText" = "McAfee Visual Trace"
    "Script" = "C:\Programmi\VisualTrace\NTXtoolbar.htm" [null data]
    
    {F2958227-261C-424D-A501-5CA24AF61855}\
    "ButtonText" = "Alice"
    "Exec" = "http://gw.aliceadsl.it/alice" [file not found]
    
    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
    "ButtonText" = "Anti-virus web"
    
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
    
    {44226DFF-747E-4EDC-B30C-78752E50CD0C}\
    "ButtonText" = "ATI TV"
    
    {CCA281CA-C863-46EF-9331-5C8D4460577F}\
    "ButtonText" = "@btrez.dll,-4015"
    "MenuText" = "@btrez.dll,-4017"
    "Script" = "C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]
    
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]
    
    
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------
    
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    Bluetooth Service, btwdins, "C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
    Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
    EpsonBidirectionalService, EpsonBidirectionalService, "C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe" [null data]
    Kaspersky Internet Security 6.0, AVP, ""C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programmi\Analog Devices\SoundMAX\smagent.exe" ["Analog Devices, Inc."]
    
    
    Print Monitors:
    ---------------
    
    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Bluetooth Printer Port\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]
    EPSON V3 2KMonitor397\Driver = "E_SL2397.DLL" ["SEIKO EPSON CORPORATION"]
    
    
    ----------
    <<!>>: Suspicious data at a malware launch point.
    
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
      launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
      took 226 seconds.
    ---------- (total run time: 303 seconds)
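
Added example (not part of the original posts, and not code from Silent Runners or Autoruns): a Python check of the kind a helper would run over the log above, picking out the `Image File Execution Options` `Debugger` redirect and cross-checking its target against the Prefetch listing posted earlier in the thread. The sample lines are copied from this thread; the function names, the executable-extension list and the set of "core" images are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples: a few lines copied from the Silent Runners log and the
# Prefetch directory listing posted in this thread.
SILENT_RUNNERS_SAMPLE = r'''
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> explorer.exe\Debugger = ""c:\windows\system32\fjijmstv.log"" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
'''

PREFETCH_SAMPLE = '''
23/05/2007  12.35           101.982 EXPLORER.EXE-05416907.pf
23/05/2007  12.35             8.184 FJIJMSTV.LOG-04BDB0B5.pf
23/05/2007  12.35            17.902 TASKMGR.EXE-20E19D70.pf
'''

# Registry key header lines end with a backslash, optionally followed by "{++}".
KEY_RE = re.compile(r'^(HKLM|HKCU)\\.*\\(\s*\{\+\+\})?$')
# Entry lines: optional "<<!>>" marker, name = value, then [company] in brackets.
ENTRY_RE = re.compile(r'^(?P<flag><<!>>\s+)?(?P<name>[^=]+?)\s*=\s*'
                      r'(?P<value>.*?)\s*\[(?P<signer>[^\]]*)\]$')
# Italian-locale "dir" line for a Prefetch file: date, time, size, NAME-HASH.pf
PREFETCH_RE = re.compile(r'^\d{2}/\d{2}/\d{4}\s+\d{2}\.\d{2}\s+[\d.]+\s+'
                         r'(?P<name>.+)-[0-9A-F]{8}\.pf$', re.IGNORECASE)

# Assumptions for this illustration, not an authoritative list.
EXECUTABLE_EXTS = {'.exe', '.com', '.scr', '.bat', '.cmd'}
CORE_IMAGES = {'explorer.exe', 'userinit.exe', 'winlogon.exe', 'taskmgr.exe'}
IFEO_SUFFIX = 'image file execution options'


def parse_entries(text):
    """Return the bracketed entries of a Silent Runners log with their key."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if KEY_RE.match(line):
            key = re.sub(r'\s*\{\+\+\}$', '', line).rstrip('\\')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({'key': key, 'name': m['name'], 'value': m['value'],
                            'signer': m['signer'].strip('"'),
                            'flagged': m['flag'] is not None})
    return entries


def command_path(value):
    """Extract the program path from a (possibly double-quoted) command line."""
    v = value.strip()
    if v.startswith('"'):
        return v.lstrip('"').split('"', 1)[0]
    return v.split(' ', 1)[0]  # assumption: unquoted paths contain no spaces


def prefetch_names(listing):
    """Upper-cased image names that have a Prefetch file, i.e. were launched."""
    names = set()
    for raw in listing.splitlines():
        m = PREFETCH_RE.match(raw.strip())
        if m:
            names.add(m['name'].upper())
    return names


def ifeo_findings(entries, prefetch_listing=''):
    """Report every IFEO Debugger redirect and why it deserves attention."""
    executed = prefetch_names(prefetch_listing)
    findings = []
    for e in entries:
        image, _, value_name = e['name'].rpartition('\\')
        if not e['key'].lower().endswith(IFEO_SUFFIX) or value_name.lower() != 'debugger':
            continue
        target = PureWindowsPath(command_path(e['value']))
        reasons = []
        if image.lower() in CORE_IMAGES:
            reasons.append('redirects a core Windows image')
        if target.suffix.lower() not in EXECUTABLE_EXTS:
            reasons.append('debugger target has a non-executable extension')
        if target.name.upper() in executed:
            reasons.append('target name has a Prefetch file, so it has been run')
        findings.append({'image': image, 'target': str(target),
                         'flagged': e['flagged'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in ifeo_findings(parse_entries(SILENT_RUNNERS_SAMPLE), PREFETCH_SAMPLE):
        print(f"{f['image']} -> {f['target']}")
        for reason in f['reasons']:
            print('   ', reason)
```

A `Debugger` value under this key makes Windows start the named program in place of the listed image, so removing only the file and leaving the value behind stops `explorer.exe` from launching.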

  6. #6
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    And this is the autoruns scan:

    Code:
    HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms			
    + rdpclip	RDP Clip Monitor	(Verified) Microsoft Windows Publisher	c:\windows\system32\rdpclip.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup			
    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup			
    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon			
    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit			
    + C:\WINDOWS\SYSTEM32\Userinit.exe	Applicazione accesso Userinit	(Verified) Microsoft Windows Publisher	c:\windows\system32\userinit.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell			
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell			
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell			
    + Explorer.exe	Esplora risorse	(Verified) Microsoft Windows Publisher	c:\windows\explorer.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run			
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run			
    + ATIPTA	ATI Desktop Control Panel	(Not verified) ATI Technologies, Inc.	c:\programmi\ati technologies\ati control panel\atiptaxx.exe
    + AVP	Kaspersky Anti-Virus	(Not verified) Kaspersky Lab	c:\programmi\kaspersky lab\kaspersky internet security 6.0\avp.exe
    + BluetoothAuthenticationAgent	Bluetooth Control Panel Applet	(Verified) Microsoft Windows Publisher	c:\windows\system32\bthprops.cpl
    + BtStart			File not found: C:\Programmi\WIDCOMM\Bluetooth Software\bin\btstart.exe
    + LoadPowerProfile	Power Profile Helper DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\powrprof.dll
    + NeroFilterCheck	NeroCheck	(Not verified) Ahead Software Gmbh	c:\windows\system32\nerocheck.exe
    + QuickTime Task		(Not verified) Apple Computer, Inc.	c:\windows\system32\qttask.exe
    + REGSHAVE	Shaving Registry	(Not verified) FUJI PHOTO FILM CO., LTD.	c:\programmi\regshave\regshave.exe
    + SideWinderTrayV4	MS SideWinder Tray Application	(Not verified) Microsoft Corporation	c:\programmi\microsoft hardware\game controllers\common\swtrayv4.exe
    + Smapp	SoundMAX System Tray	(Not verified) Analog Devices, Inc.	c:\programmi\analog devices\soundmax\smtray.exe
    + SystemTray	Systray .exe stub	(Verified) Microsoft Windows Publisher	c:\windows\system32\systray.exe
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx			
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce			
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica			
    + Adobe Gamma Loader.lnk	Adobe Gamma Loader	(Not verified) Adobe Systems, Inc.	c:\programmi\file comuni\adobe\calibration\adobe gamma loader.exe
    + Avvio veloce di Adobe Reader.lnk	Adobe Acrobat SpeedLauncher	(Not verified) Adobe Systems Incorporated	c:\programmi\adobe\acrobat 7.0\reader\reader_sl.exe
    + BTTray.lnk	Bluetooth Tray Application	(Not verified) WIDCOMM, Inc.	c:\programmi\widcomm\bluetooth software\bttray.exe
    + EPSON Status Monitor 3 Environment Check(2).lnk	StatusMonitor3 Environment Check	(Not verified) SEIKO EPSON CORPORATION	c:\windows\system32\spool\drivers\w32x86\3\e_srcv02.exe
    + Exif Launcher.lnk	Exif Launcher	(Not verified) FUJI PHOTO FILM CO., LTD.	c:\programmi\finepixviewer\quickdcf.exe
    + InterVideo WinCinema Manager.lnk	WinCinema Manager		c:\programmi\intervideo\common\bin\wincinemamgr.exe
    + Microsoft Office.lnk	Microsoft Office 2000 component	(Not verified) Microsoft Corporation	c:\programmi\microsoft office\office\osa9.exe
    C:\Documents and Settings\Nome\Menu Avvio\Programmi\Esecuzione automatica			
    + DSLMON.lnk	ADIMON MFC Application		c:\programmi\arescom\modem telindus arescom nd220b\dslmon.exe
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load			
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run			
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run			
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run			
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run			
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce			
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce			
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx			
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run			
    HKLM\SOFTWARE\Classes\Protocols\Filter			
    + Class Install Handler	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + deflate	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + gzip	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + lzdhtml	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + text/webviewhtml	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    HKLM\SOFTWARE\Classes\Protocols\Handler			
    + about	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + cdl	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + dvd	Controllo ActiveX per streaming video	(Verified) Microsoft Windows Publisher	c:\windows\system32\msvidctl.dll
    + file	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + ftp	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + gopher	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + http	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + https	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + its	Microsoft® InfoTech Storage System Library	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\itss.dll
    + javascript	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + local	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + mailto	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + mhtml	Microsoft Internet Messaging API	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\inetcomm.dll
    + mk	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + ms-its	Microsoft® InfoTech Storage System Library	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\itss.dll
    + res	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + sysimage	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + tv	Controllo ActiveX per streaming video	(Verified) Microsoft Windows Publisher	c:\windows\system32\msvidctl.dll
    + vbscript	Visualizzatore HTML Microsoft (R)	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\mshtml.dll
    + wia	WIA Scripting Layer	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiascr.dll
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components			
    + 0			File not found: About:Home
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components			
    + CRLUpdate	UPDCRL	(Not verified) Microsoft Corporation	c:\windows\system32\updcrl.exe
    + Impostazioni di risparmio energetico			File not found: setupx.dll
    + Internet Explorer	Windows NT User Data Migration Tool	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmgrate.exe
    + Internet Explorer 6	Internet Explorer 5.0 - Utilità di installazione per utente	(Verified) Microsoft Windows Publisher	c:\windows\system32\ie4uinit.exe
    + Microsoft Outlook Express 6	Libreria dell'installazione di Outlook Express	(Verified) Microsoft Windows Publisher	c:\programmi\outlook express\setup50.exe
    + Microsoft Windows Media Player	ADVPACK	(Verified) Microsoft Windows Publisher	c:\windows\system32\advpack.dll
    + n/a	Microsoft .NET IE SECURITY REGISTRATION	(Not verified) Microsoft Corporation	c:\windows\system32\mscories.dll
    + NetMeeting 3.01	ADVPACK	(Verified) Microsoft Windows Publisher	c:\windows\system32\advpack.dll
    + Outlook Express	Windows NT User Data Migration Tool	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmgrate.exe
    + Personalizzazione del browser	DLL di personalizzazione di Microsoft Internet Explorer	(Verified) Microsoft Windows Publisher	c:\windows\system32\iedkcs32.dll
    + Rubrica 6	Libreria dell'installazione di Outlook Express	(Verified) Microsoft Windows Publisher	c:\programmi\outlook express\setup50.exe
    + Themes Setup	Microsoft(C) Register Server	(Verified) Microsoft Windows Publisher	c:\windows\system32\regsvr32.exe
    + Windows Desktop Update	Microsoft(C) Register Server	(Verified) Microsoft Windows Publisher	c:\windows\system32\regsvr32.exe
    + Windows Media Player	Utilità di configurazione di Microsoft Windows Media Player	(Verified) Microsoft Windows Component Publisher	c:\windows\inf\unregmp2.exe
    + Windows Messenger 4.7	ADVPACK	(Verified) Microsoft Windows Publisher	c:\windows\system32\advpack.dll
    HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components			
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler			
    + Daemon di cache delle categorie di componenti	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Precaricatore Browseui	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad			
    + CDBurn	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + PostBootReminder	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + SysTray	Oggetto servizio shell Systray	(Verified) Microsoft Windows Publisher	c:\windows\system32\stobject.dll
    + UPnPMonitor	Cartella e monitor cassetto UPNP	(Verified) Microsoft Windows Publisher	c:\windows\system32\upnpui.dll
    + WebCheck	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + WPDShServiceObj	Windows Portable Device Shell Service Object	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wpdshserviceobj.dll
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad			
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks			
    + shell32.dll	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved			
    + Cartelle Web			c:\programmi\file comuni\microsoft shared\web folders\msonsext.dll
    + olkfstub.dll	Microsoft Outlook Shell Hook for Start/Find	(Not verified) Microsoft Corporation	c:\programmi\microsoft office\office\olkfstub.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved			
    + %DESC_PublishDropTarget%	Stampa guidata foto	(Verified) Microsoft Windows Publisher	c:\windows\system32\photowiz.dll
    + &Contatti...	Trova contatti	(Verified) Microsoft Windows Publisher	c:\programmi\outlook express\wabfind.dll
    + &Indirizzo	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + .CAB file viewer	Estensione shell Cabinet File Viewer	(Verified) Microsoft Windows Publisher	c:\windows\system32\cabview.dll
    + Accessibile	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Account utente	Procedura guidata Connetti unità di rete/Risorse di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netplwiz.dll
    + ActiveDesktop	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Address EditBox	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Anteprima	Estensione visualizzazione anteprima	(Not verified) Microsoft Corporation	c:\windows\system32\thumbvw.dll
    + Anti-virus web	Script Monitor Internet Explorer plugin	(Verified) Kaspersky Lab	c:\programmi\kaspersky lab\kaspersky internet security 6.0\scieplugin.dll
    + Assistenza utente	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Audio Media Properties Handler	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + Auto Update Property Sheet Extension	Pannello di Controllo Aggiornamenti automatici	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\wuaucpl.cpl
    + Avi Properties Handler	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + BandProxy	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Barra degli strumenti Microsoft Internet	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Barra delle applicazioni e menu di avvio	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Cartella cache ActiveX	Object Control Viewer	(Verified) Microsoft Windows Publisher	c:\windows\system32\occache.dll
    + Cartella compressa	Cartelle compresse	(Verified) Microsoft Windows Publisher	c:\windows\system32\zipfldr.dll
    + Cartella file non in linea	Interfaccia della cache sul lato client	(Verified) Microsoft Windows Publisher	c:\windows\system32\cscui.dll
    + Cartella Subscription	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + CDF Extension Copy Hook	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Cerca	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Channel Handler Object	Visualizzatore del file di definizione del canale	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\cdfview.dll
    + Channel Menu	Visualizzatore del file di definizione del canale	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\cdfview.dll
    + Channel Properties	Visualizzatore del file di definizione del canale	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\cdfview.dll
    + CmdFileIcon	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Co&llegamenti	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Code Download Agent	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + Collegamento al canale	Visualizzatore del file di definizione del canale	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\cdfview.dll
    + Completamento automatico Microsoft	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Compressed (zipped) Folder Right Drag Handler	Cartelle compresse	(Verified) Microsoft Windows Publisher	c:\windows\system32\zipfldr.dll
    + Compressed (zipped) Folder SendTo Target	Cartelle compresse	(Verified) Microsoft Windows Publisher	c:\windows\system32\zipfldr.dll
    + ConnectionAgent	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + Connessioni di rete	Shell connessioni di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netshell.dll
    + Connessioni di rete	Shell connessioni di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netshell.dll
    + Contenitore dell'elenco di Completamento automatico multiplo Microsoft	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Creazione guidata profilo Passport	Procedura guidata Connetti unità di rete/Risorse di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netplwiz.dll
    + Cronologia	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Darwin App Publisher	Gestione applicazioni shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\appwiz.cpl
    + DfsShell	Estensione DFS di Shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\dfsshlex.dll
    + Directory Context Menu Verbs	Interfaccia utente comune del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsuiext.dll
    + Directory Object Find	Ricerca del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsquery.dll
    + Directory Property UI	Interfaccia utente comune del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsuiext.dll
    + Directory Query UI	Ricerca del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsquery.dll
    + Directory Start/Search Find	Ricerca del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsquery.dll
    + Disk Quota UI	DLL UI quota disco Shell di Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\dskquoui.dll
    + Display Control Panel HTML Extensions	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Display TroubleShoot CPL Extension	Proprietà avanzate prestazioni di visualizzazione	(Verified) Microsoft Windows Publisher	c:\windows\system32\deskperf.dll
    + Elenco di Completamento automatico della Cronologia di Microsoft	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Elenco di Completamento automatico di Shell Folder di Microsoft	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Elenco di Completamento automatico MRU	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Elenco di Completamento automatico MRU personalizzato	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Enumeratore applicazioni installate	Gestione applicazioni shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\appwiz.cpl
    + Esegui...	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Estensione copia dischi	Windows DiskCopy	(Verified) Microsoft Windows Publisher	c:\windows\system32\diskcopy.dll
    + Estensione Crypto PKO	Estensioni della shell di crittografia	(Verified) Microsoft Windows Publisher	c:\windows\system32\cryptext.dll
    + Estensione di icona di HyperTerminal	HyperTerminal Applet Library	(Verified) Microsoft Windows Publisher	c:\windows\system32\hticons.dll
    + Estensione firma crittografata	Estensioni della shell di crittografia	(Verified) Microsoft Windows Publisher	c:\windows\system32\cryptext.dll
    + Estensione monitor del Pannello di controllo	Proprietà avanzate monitor	(Verified) Microsoft Windows Publisher	c:\windows\system32\deskmon.dll
    + Estensione panoramica video del Pannello di controllo			File not found: deskpan.dll
    + Estensione scheda video del Pannello di controllo	Proprietà avanzate scheda video	(Verified) Microsoft Windows Publisher	c:\windows\system32\deskadp.dll
    + Estensione shell per la stampante Web	DLL dell'interfaccia utente di stampa	(Verified) Microsoft Windows Publisher	c:\windows\system32\printui.dll
    + Estensioni di shell per Windows Script Host	Microsoft (r) Shell Extension for Windows Script Host	(Verified) Microsoft Windows Publisher	c:\windows\system32\wshext.dll
    + Estensioni shell per la condivisione	Estensioni shell per la condivisione	(Verified) Microsoft Windows Publisher	c:\windows\system32\ntshrui.dll
    + Estensioni shell per la condivisione	Estensioni shell per la condivisione	(Verified) Microsoft Windows Publisher	c:\windows\system32\ntshrui.dll
    + Estensioni shell per oggetti Rete Microsoft Windows	Interfaccia utente shell Network object	(Verified) Microsoft Windows Publisher	c:\windows\system32\ntlanui2.dll
    + Explorer Band	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Extensions Manager Folder	Extensions Manager	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\extmgr.dll
    + Favorites Band	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + File del canale	Visualizzatore del file di definizione del canale	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\cdfview.dll
    + File temporanei Internet	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + File temporanei Internet	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Folder Options Property Page Extension	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + FTP Folders Webview	Estensione shell della cartella FTP di Microsoft Internet Explorer	(Verified) Microsoft Windows Publisher	c:\windows\system32\msieftp.dll
    + GDI + programma di estrazione file in anteprima	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Gestione applicazioni shell	Gestione applicazioni shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\appwiz.cpl
    + Gestore dati dei ritagli di shell	Gestore oggetti dei ritagli di Shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\shscrap.dll
    + Gestore monitor ICM	DLL di interfaccia utente Microsoft Color Matching System	(Verified) Microsoft Windows Publisher	c:\windows\system32\icmui.dll
    + Gestore scanner ICM	DLL di interfaccia utente Microsoft Color Matching System	(Verified) Microsoft Windows Publisher	c:\windows\system32\icmui.dll
    + Gestore stampante ICM	DLL di interfaccia utente Microsoft Color Matching System	(Verified) Microsoft Windows Publisher	c:\windows\system32\icmui.dll
    + Guida in linea e supporto tecnico	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Guida in linea e supporto tecnico	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Hook di tipi di file MIME	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Hook per la ricerca di URL Microsoft	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Immagine di anteprima	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Impostazioni cartella globale	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Indicatore di avanzamento popup	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Internet	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Internet	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Internet Name Space	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + InternetShortcut	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + ISFBand OC	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + IShellFolderBand	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Menu Avvio	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Menu Band	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Menu Desk Bar	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Menu Shell Folder	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Menu Site	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Microsoft Agent Character Property Sheet Handler	Microsoft Agent Property Sheet Handler	(Verified) Microsoft Windows Publisher	c:\windows\msagent\agentpsh.dll
    + Microsoft Browser Architecture	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Microsoft BrowserBand	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Microsoft CopyTo Service	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Microsoft Data Link	Microsoft Data Access - OLE DB Core Services	(Verified) Microsoft Windows Publisher	c:\programmi\file comuni\system\ole db\oledb32.dll
    + Microsoft DocProp Inplace Calendar Control	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft DocProp Inplace Droplist Combo Control	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft DocProp Inplace Edit Box Control	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft DocProp Inplace ML Edit Box Control	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft DocProp Inplace Time Control	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft DocProp Shell Ext	Microsoft DocProp Shell Ext	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop2.dll
    + Microsoft MoveTo Service	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Microsoft New Object Service	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Midi Properties Handler	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + MMC Icon Handler	MMC Shell Extension DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\mmcshext.dll
    + msonsext.dll			c:\programmi\file comuni\microsoft shared\web folders\msonsext.dll
    + My Bluetooth Places	BTNeighborhood DLL	(Not verified) WIDCOMM, Inc.	c:\windows\system32\btneighborhood.dll
    + MyDocs Copy Hook	UI cartella Documenti	(Verified) Microsoft Windows Publisher	c:\windows\system32\mydocs.dll
    + MyDocs Drop Target	UI cartella Documenti	(Verified) Microsoft Windows Publisher	c:\windows\system32\mydocs.dll
    + MyDocs Properties	UI cartella Documenti	(Verified) Microsoft Windows Publisher	c:\windows\system32\mydocs.dll
    + Offline Files Folder Options	Interfaccia della cache sul lato client	(Verified) Microsoft Windows Publisher	c:\windows\system32\cscui.dll
    + Offline Files Menu	Interfaccia della cache sul lato client	(Verified) Microsoft Windows Publisher	c:\windows\system32\cscui.dll
    + Oggetto Pubblicazione guidata sul Web	Procedura guidata Connetti unità di rete/Risorse di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netplwiz.dll
    + olkfstub.dll	Microsoft Outlook Shell Hook for Start/Find	(Not verified) Microsoft Corporation	c:\programmi\microsoft office\office\olkfstub.dll
    + Operazioni pianificate	DLL dell'interfaccia dell'Utilità di pianificazione	(Verified) Microsoft Windows Publisher	c:\windows\system32\mstask.dll
    + Ordinazione di stampe tramite Web	Procedura guidata Connetti unità di rete/Risorse di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netplwiz.dll
    + Pagina compatibilità	DLL estensione shell scheda compatibilità	(Verified) Microsoft Windows Publisher	c:\windows\system32\slayerxp.dll
    + Pagina di proprietà di Docfile OLE	Pagina di proprietà di Docfile OLE	(Verified) Microsoft Windows Publisher	c:\windows\system32\docprop.dll
    + Pagina di protezione della stampante	Estensione shell di protezione	(Verified) Microsoft Windows Publisher	c:\windows\system32\rshx32.dll
    + Pagina di protezione DS	Interfaccia utente protezione servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dssec.dll
    + Pagina di protezione NTFS	Estensione shell di protezione	(Verified) Microsoft Windows Publisher	c:\windows\system32\rshx32.dll
    + Pagina tipi di file	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Parser della barra degli indirizzi	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Periferiche Plug and Play universali	Cartella e monitor cassetto UPNP	(Verified) Microsoft Windows Publisher	c:\windows\system32\upnpui.dll
    + PlusPack CPL Extension	API di Windows Theme	(Verified) Microsoft Windows Publisher	c:\windows\system32\themeui.dll
    + Portable Devices	Portable Devices Shell Extension	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wpdshext.dll
    + Portable Devices Menu	Portable Devices Shell Extension	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wpdshext.dll
    + Portable Media Devices	Portable Media Devices Shell Extension	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\audiodev.dll
    + Posta elettronica	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + PostAgent	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + Previous Versions	Pagina proprietà versioni precedenti	(Verified) Microsoft Windows Publisher	c:\windows\system32\twext.dll
    + Previous Versions Property Page	Pagina proprietà versioni precedenti	(Verified) Microsoft Windows Publisher	c:\windows\system32\twext.dll
    + Profilo ICC	DLL di interfaccia utente Microsoft Color Matching System	(Verified) Microsoft Windows Publisher	c:\windows\system32\icmui.dll
    + Programma di estrazione immagini predefinito per Proprietà	Estensione visualizzazione anteprima	(Not verified) Microsoft Corporation	c:\windows\system32\thumbvw.dll
    + Programma di estrazione pagine HTML in anteprima	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Proprietà dei file Multimedia	Estensioni multimediali della shell	(Verified) Microsoft Windows Publisher	c:\windows\system32\mmsys.cpl
    + Pubblicazione guidata sul Web	Procedura guidata Connetti unità di rete/Risorse di rete	(Verified) Microsoft Windows Publisher	c:\windows\system32\netplwiz.dll
    + Remote Sessions CPL Extension	Remote Sessions CPL Extension	(Verified) Microsoft Windows Publisher	c:\windows\system32\remotepg.dll
    + Ricerca all'interno	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Ricerca Web	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Scanner e fotocamere digitali	Interfaccia utente cartella shell periferiche di acquisizione immagini	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiashext.dll
    + Scanner e fotocamere digitali	Interfaccia utente cartella shell periferiche di acquisizione immagini	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiashext.dll
    + Scanner e fotocamere digitali	Interfaccia utente cartella shell periferiche di acquisizione immagini	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiashext.dll
    + Scanner e fotocamere digitali	Interfaccia utente cartella shell periferiche di acquisizione immagini	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiashext.dll
    + Scanner e fotocamere digitali	Interfaccia utente cartella shell periferiche di acquisizione immagini	(Verified) Microsoft Windows Publisher	c:\windows\system32\wiashext.dll
    + Schermata iniziale applicazioni Internet Explorer 4	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Search Assistant OC	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + SearchBand	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Sendmail service	Invia posta	(Verified) Microsoft Windows Publisher	c:\windows\system32\sendmail.dll
    + Sendmail service	Invia posta	(Verified) Microsoft Windows Publisher	c:\windows\system32\sendmail.dll
    + Servizio automazione della shell	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Servizio Cronologia Url Microsoft	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Servizio di inoltro Microsoft	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Set Program Access and Defaults	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Shell Automation Folder View	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Shell Automation Inproc Service	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Shell Band Site Menu	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell DeskBar	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell DeskBarApp	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell DocObject Viewer	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Shell Extensions for RealOne Player	RealPlayer Shell Extensions	(Not verified) RealNetworks, Inc.	c:\programmi\real\realplayer\rpshell.dll
    + Shell Folder 2 accresciuto	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell Folder accresciuto	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell Image Data Factory	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Shell Image Property Handler	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Shell Image Verbs	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Shell properties for a DS object	Ricerca del servizio directory	(Verified) Microsoft Windows Publisher	c:\windows\system32\dsquery.dll
    + Shell Rebar BandSite	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Shell Search Band	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Sincronia file	Sincronia file per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\syncui.dll
    + SlowFile Icon Overlay	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + Stato del download	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Strumenti di amministrazione	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Subscription Mgr	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + Summary Info Thumbnail handler (DOCFILES)	Visualizzatore immagini e fax per Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\shimgvw.dll
    + Tasks Folder Icon Handler	DLL dell'interfaccia dell'Utilità di pianificazione	(Verified) Microsoft Windows Publisher	c:\windows\system32\mstask.dll
    + Tasks Folder Shell Extension	DLL dell'interfaccia dell'Utilità di pianificazione	(Verified) Microsoft Windows Publisher	c:\windows\system32\mstask.dll
    + Tipi di carattere	Cartella Tipi di carattere	(Verified) Microsoft Windows Publisher	c:\windows\system32\fontext.dll
    + Tipi di carattere	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    + Tracking Shell Menu	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + TrayAgent	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + TridentImageExtractor	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Utilità opzioni della struttura del Registro di sistema	Shell Browser UI Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\browseui.dll
    + Video Media Properties Handler	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + Video Thumbnail Extractor	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + Wav Properties Handler	Estensione shell programma di estrazione proprietà file multimediale	(Verified) Microsoft Windows Publisher	c:\windows\system32\shmedia.dll
    + WebCheck	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + WebCheck SyncMgr Handler	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + WebCheckChannelAgent	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + WebCheckWebCrawler	Utilità di monitoraggio siti Web	(Verified) Microsoft Windows Publisher	c:\windows\system32\webcheck.dll
    + Windows Media Player Add to Playlist Context Menu Handler	Utilità di avvio di Windows Media Player	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wmpshell.dll
    + Windows Media Player Burn Audio CD Context Menu Handler	Utilità di avvio di Windows Media Player	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wmpshell.dll
    + Windows Media Player Play as Playlist Context Menu Handler	Utilità di avvio di Windows Media Player	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wmpshell.dll
    + WinRAR shell extension			c:\programmi\winrar\rarext.dll
    HKCU\Software\Classes\Folder\Shellex\ColumnHandlers			
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers			
    + PDF Shell Extension	PDF Shell Extension	(Not verified) Adobe Systems, Inc.	c:\programmi\adobe\acrobat 7.0\activex\pdfshell.dll
    + {0D2E74C4-3C34-11d2-A27E-00C04FC30871}	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + {24F14F01-7B1C-11d1-838f-0000F80461CF}	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + {24F14F02-7B1C-11d1-838f-0000F80461CF}	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + {66742402-F9B9-11D1-A202-0000F81FEDEE}	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    HKCU\Software\Microsoft\Ctf\LangBarAddin			
    HKLM\Software\Microsoft\Ctf\LangBarAddin			
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects			
    + Adobe PDF Reader Link Helper	Adobe Acrobat IE Helper Version 7.0 for ActiveX	(Verified) Adobe Systems, Incorporated	c:\programmi\adobe\acrobat 7.0\activex\acroiehelper.dll
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks			
    + shdocvw.dll	Shell Doc Object e Control Library	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shdocvw.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar			
    + yt.dll	Yahoo! Toolbar	(Verified) Yahoo! Inc.	c:\programmi\yahoo!\companion\installs\cpn\yt.dll
    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars			
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars			
    HKCU\Software\Microsoft\Internet Explorer\Extensions			
    + Alice			File not found: http://gw.aliceadsl.it/alice
    + McAfee Visual Trace			c:\programmi\visualtrace\ntxtoolbar.htm
    HKLM\Software\Microsoft\Internet Explorer\Extensions			
    + @btrez.dll,-4017			c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
    + Windows Messenger	Windows Messenger	(Verified) Microsoft Windows XP Publisher	c:\programmi\messenger\msmsgs.exe
    Task Scheduler			
    + Avvio ottimizzazione applicazione.job			File not found: walign
    + Disinstalla Promemoria scadenza.job	Messaggio promemoria di OOBE di Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\oobe\oobebaln.exe
    + TASK20040816144127.job	WS_FTP Pro Application	(Not verified) Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421	c:\programmi\ws_ftp pro\wsftppro.exe
    HKLM\System\CurrentControlSet\Services			
    + Ati HotKey Poller		(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\ati2evxx.exe
    + ATI Smart	ATI Smart		c:\windows\system32\ati2sgag.exe
    + AudioSrv	Gestisce periferiche audio per programmi basati su Windows. Se il servizio è stato arrestato, le periferiche audio e gli effetti non funzioneranno correttamente. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\audiosrv.dll
    + AVP	Protegge contro virus e spyware, attacchi degli hacker, cyber-crime e spam.	(Not verified) Kaspersky Lab	c:\programmi\kaspersky lab\kaspersky internet security 6.0\avp.exe
    + BthServ	Bluetooth Support Service	(Verified) Microsoft Windows Publisher	c:\windows\system32\bthserv.dll
    + btwdins	Bluetooth Support Server	(Not verified) WIDCOMM, Inc.	c:\programmi\widcomm\bluetooth software\bin\btwdins.exe
    + CryptSvc	Fornisce tre servizi di gestione: il servizio Database catalogo, che serve per confermare le firme dei file di Windows; il servizio Archivio principale protetto, per aggiungere e rimuovere dal computer i certificati dell'autorità di certificazione delle fonti attendibili; e il servizio Chiave, che aiuta a registrare i certificati nel computer. Se questo servizio è interrotto, i servizi di gestione non funzioneranno in modo corretto. Se il servizio è disabilitato, tutti i servizi che dipendono direttamente da questo non potranno essere avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\cryptsvc.dll
    + DcomLaunch	Fornisce funzionalità di avvio per i servizi DCOM.	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\rpcss.dll
    + Dhcp	Gestisce la configurazione di rete registrando e aggiornando indirizzi IP e nomi DNS.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\dhcpcsvc.dll
    + dmserver	Rileva e controlla le nuove unità disco rigido e invia informazioni sul volume del disco al Servizio amministrativo di Gestione disco logico per la configurazione. Se il servizio è stato arrestato, lo stato del disco dinamico e le informazioni di configurazione potrebbero non essere aggiornate. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\dmserver.dll
    + Dnscache	Risolve e salva nella cache nomi DNS per il computer. Se il servizio è stato arrestato, il computer non sarà in grado di risolvere i nomi DNS e di individuare i controller di dominio Active Directory. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\dnsrslvr.dll
    + EpsonBidirectionalService			c:\programmi\file comuni\epson\ebapi\eebsvc.exe
    + ERSvc	Consente la segnalazione di errori per servizi e applicazioni eseguiti in ambienti non standard.	(Verified) Microsoft Windows Publisher	c:\windows\system32\ersvc.dll
    + Eventlog	Abilita i messaggi del registro eventi rilasciati dai programmi di Windows e rende possibile la visualizzazione dei componenti in Visualizzatore eventi. Impossibile interrompere questo servizio.	(Verified) Microsoft Windows Publisher	c:\windows\system32\services.exe
    + helpsvc	Consente l'esecuzione di Guida in linea e supporto tecnico. Se il servizio è arrestato, Guida in linea e supporto tecnico non è disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\pchealth\helpctr\binaries\pchsvc.dll
    + lanmanserver	Supporta la condivisione in rete di file, stampa e named-pipe per il computer in uso. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\srvsvc.dll
    + lanmanworkstation	Crea e mantiene le connessioni di rete tra client e server remoti. Se il servizio è stato arrestato, le connessioni non saranno disponibili. Se il servizio è stato disabilitato, i servizi esplicitamente dipendenti da esso non verranno avviati.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wkssvc.dll
    + LmHosts	Attiva il servizio Supporto NetBIOS su TCP/IP (NetBT) e risoluzione nomi NetBIOS.	(Verified) Microsoft Windows Publisher	c:\windows\system32\lmhsvc.dll
    + PlugPlay	Abilita un computer a riconoscere e adattarsi alle modifiche hardware con il minimo input da parte dell'utente o senza alcun input. Se il servizio viene arrestato o disabilitato, il sistema diventerà instabile.	(Verified) Microsoft Windows Publisher	c:\windows\system32\services.exe
    + PolicyAgent	Gestisce la protezione IP e avvia ISAKMP/Oakley (IKE) e il driver di protezione IP.	(Verified) Microsoft Windows Publisher	c:\windows\system32\lsass.exe
    + ProtectedStorage	Fornisce l'archiviazione protetta per dati importanti, come chiavi private, per evitare l'accesso di servizi, processi, utenti non autorizzati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\lsass.exe
    + RemoteRegistry	Abilita gli utenti remoti alla modifica delle impostazioni del Registro di sistema del computer in uso. Se il servizio è stato arrestato, il Registro di sistema potrà essere modificato soltanto dagli utenti del computer. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\regsvc.dll
    + RpcSs	Fornisce il mapper dell'endpoint e altri servizi RPC.	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\rpcss.dll
    + SamSs	Archivia le informazioni di protezione per gli account utenti locali.	(Verified) Microsoft Windows Publisher	c:\windows\system32\lsass.exe
    + Schedule	Abilita l'utente a configurare e pianificare operazioni automatizzate sul computer in uso. Se il servizio è stato arrestato, le operazioni non verranno eseguite secondo gli orari pianificati. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\schedsvc.dll
    + seclogon	Abilita l'avvio di processi con credenziali alternative. Se il servizio è stato arrestato, questo tipo di accesso non sarà disponibile. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\seclogon.dll
    + SENS	Registra eventi di sistema come accessi a Windows, eventi di rete e alimentazione. Notifica questi eventi ai sottoscrittori COM+ Event System.	(Verified) Microsoft Windows Publisher	c:\windows\system32\sens.dll
    + SharedAccess	Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.	(Verified) Microsoft Windows Publisher	c:\windows\system32\ipnathlp.dll
    + ShellHWDetection	Dll di servizi shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shsvcs.dll
    + SoundMAX Agent Service (default)	SoundMAX service agent component	(Not verified) Analog Devices, Inc.	c:\programmi\analog devices\soundmax\smagent.exe
    + Spooler	Carica i file in memoria per stampare in un secondo momento.	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\spoolsv.exe
    + srservice	Esegue le funzioni di ripristino del sistema. Per interrompere il servizio, disattivare Ripristino configurazione di sistema nella scheda Ripristino configurazione di sistema in Risorse del computer->Proprietà	(Verified) Microsoft Windows Publisher	c:\windows\system32\srsvc.dll
    + stisvc	Fornisce servizi di acquisizione immagini per scanner e fotocamere.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wiaservc.dll
    + Themes	Consente la gestione dei temi.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shsvcs.dll
    + TrkWks	Gestisce collegamenti tra file NTFS in un computer o tra più computer in un dominio di rete.	(Verified) Microsoft Windows Publisher	c:\windows\system32\trkwks.dll
    + W32Time	Assicura la sincronizzazione data e ora su tutti i client e i server della rete. Se il servizio viene interrotto, la sincronizzazione data e ora non sarà disponibile. Se questo servizio è disattivato, non potrà essere avviato alcun servizio che dipende direttamente da esso.	(Verified) Microsoft Windows Publisher	c:\windows\system32\w32time.dll
    + WebClient	Abilita i programmi basati su Windows per creare, accedere e modificare i file basati su Internet. Se il servizio è stato arrestato, queste funzionalità non saranno disponibili. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\webclnt.dll
    + winmgmt	Fornisce un modello di interfacce e di oggetti comune per accedere alle informazioni di gestione sul sistema operativo, le periferiche, le applicazioni e i servizi. Se il servizio viene interrotto, la maggior parte del software basato su Windows non funzionerà in modo corretto. Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Publisher	c:\windows\system32\wbem\wmisvc.dll
    + wscsvc	Effettua il monitoraggio delle impostazioni e delle configurazioni di protezione del computer.	(Verified) Microsoft Windows Publisher	c:\windows\system32\wscsvc.dll
    + wuauserv	Consente il download e l'installazione di aggiornamenti da Windows Update. Se il servizio è disabilitato, il computer non sarà in grado di utilizzare la funzionalità Aggiornamenti automatici né il sito Web Windows Update.	(Verified) Microsoft Windows Publisher	c:\windows\system32\wuauserv.dll
    + WZCSVC	Fornisce la configurazione automatica per le schede 802.11	(Verified) Microsoft Windows Publisher	c:\windows\system32\wzcsvc.dll
    HKLM\System\CurrentControlSet\Services			
    + ACPI	Driver ACPI per NT	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\acpi.sys
    + ADILOADER	adi loader	(Not verified) Analog Deivces	c:\windows\system32\drivers\adildr.sys
    + adiusbaw	ADSL USB Driver	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\adiusbaw.sys
    + aeaudio	Andrea Audio Stub Driver	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\aeaudio.sys
    + aec	Microsoft Acoustic Echo Canceller	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\aec.sys
    + AFD	Ambiente supporto di rete AFD	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\afd.sys
    + agp440	440 NT AGP Filter	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\agp440.sys
    + AsyncMac	Driver per supporti asincroni RAS	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\asyncmac.sys
    + atapi	IDE/ATAPI Port Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\atapi.sys
    + ati2mtag	ATI Radeon WindowsNT Miniport Driver	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\ati2mtag.sys
    + ATICDSDr			File not found: C:\DOCUME~1\Nome\IMPOST~1\Temp\ATICDSDr.sys
    + Atmarpc	Protocollo client ARP ATM	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\atmarpc.sys
    + audstub	AudStub Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\audstub.sys
    + b57w2k	Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\b57xp32.sys
    + BtAudio	Bluetooth Audio	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btaudio.sys
    + BTDriver	Bluetooth BTPORT Driver for Windows 2000	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btport.sys
    + BthEnum	Bluetooth Bus Extender	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\bthenum.sys
    + BthPan	Periferica Bluetooth (Personal Area Network)	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\bthpan.sys
    + BTHPORT	Driver bus Bluetooth	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\bthport.sys
    + BTHUSB	Bluetooth Miniport Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\bthusb.sys
    + BTKRNL	Bluetooth Protocol Driver for Windows 2000	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btkrnl.sys
    + BTSERIAL			c:\windows\system32\drivers\btserial.sys
    + BTSLBCSP	Bluetooth Serial Driver for Windows 2000	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btslbcsp.sys
    + BTWDNDIS	Bluetooth LAN Access Server Driver	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btwdndis.sys
    + BTWUSB	Driver for Bluetooth USB Devices	(Not verified) WIDCOMM, Inc.	c:\windows\system32\drivers\btwusb.sys
    + CCDECODE	WDM Closed Caption VBI Codec	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ccdecode.sys
    + Cdrom	SCSI CD-ROM Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\cdrom.sys
    + Disk	PnP Disk Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\disk.sys
    + dmio	Driver di I/O di Gestione dischi di NT	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\dmio.sys
    + dmload	NT Disk Manager Startup Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\dmload.sys
    + DMusic	Microsoft Kernel DLS Synthesizer	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\dmusic.sys
    + drmkaud	Microsoft Kernel DRM Audio Descrambler Filter	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\drmkaud.sys
    + fasttx2k	Promise FastTrak Series Driver for WindowsXP	(Not verified) Promise Technology, Inc.	c:\windows\system32\drivers\fasttx2k.sys
    + Fdc	Floppy Disk Controller Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\fdc.sys
    + Flpydisk	Floppy Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\flpydisk.sys
    + Ftdisk	Driver FT del disco	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ftdisk.sys
    + gameenum	Game Port Enumerator	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\gameenum.sys
    + GcKernel	SideWinder Value Add Filter Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\gckernel.sys
    + Gpc	Utilità di classificazione pacchetti generica	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\msgpc.sys
    + hidgame	HidGame Library	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\hidgame.sys
    + HIDSwvd	SideWinder Virtual Device HID Mini-Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\hidswvd.sys
    + HidUsb	USB Miniport Driver for Input Devices	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\hidusb.sys
    + HTTP	Questo servizio implementa il protocollo di trasferimento HyperText (HTTP). Se il servizio è disabilitato, i servizi da esso dipendenti non verranno avviati.	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\http.sys
    + i8042prt	Driver della porta i8042	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\i8042prt.sys
    + IdeBusDr	Intel Application Accelerator Driver	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\idebusdr.sys
    + IdeChnDr	Intel Application Accelerator Driver	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\idechndr.sys
    + Imapi	IMAPI Kernel Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\imapi.sys
    + IntelIde	Driver PCI IDE Intel	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\intelide.sys
    + intelppm	Driver di periferica processore	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\intelppm.sys
    + ip6fw	Fornisce servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale.	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ip6fw.sys
    + IpFilterDriver	Driver filtro traffico IP	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ipfltdrv.sys
    + IpInIp	Driver tunnel IP in IP	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ipinip.sys
    + IpNat	Traduttore indirizzi di rete IP	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\drivers\ipnat.sys
    + IPSec	Driver IPSEC	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ipsec.sys
    + IRENUM	Infra-Red Bus Enumerator	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\irenum.sys
    + isapnp	Driver bus PNP ISA	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\isapnp.sys
    + Kbdclass	Driver classe tastiera	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\kbdclass.sys
    + kbdhid	Driver del filtro del mouse HID	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\kbdhid.sys
    + kl1	Kl1	(Verified) Kaspersky Lab	c:\windows\system32\drivers\kl1.sys
    + klif	Klif	(Not verified) Kaspersky Lab	c:\windows\system32\drivers\klif.sys
    + kmixer	Kernel Mode Audio Mixer	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\kmixer.sys
    + MODEMCSA	Unimodem CSA Filter	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\modemcsa.sys
    + Mouclass	Driver Mouse Class	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mouclass.sys
    + MSKSSRV	MS KS Server	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mskssrv.sys
    + MSPCLOCK	MS Proxy Clock	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mspclock.sys
    + MSPQM	MS Proxy Quality Manager	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mspqm.sys
    + mssmbios	System Management BIOS Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mssmbios.sys
    + MSTEE	WDM Tee/Communication Transform Filter 	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\mstee.sys
    + NABTSFEC	WDM NABTS/FEC VBI Codec	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\nabtsfec.sys
    + NdisIP	Microsoft IP Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ndisip.sys
    + NdisTapi	Driver TAPI NDIS di accesso remoto	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ndistapi.sys
    + Ndisuio	Protocollo I/O modalità utente su NDIS	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ndisuio.sys
    + NdisWan	Driver WAN NDIS di accesso remoto	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ndiswan.sys
    + NetBT	NetBios su Tcpip	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\netbt.sys
    + NwlnkFlt	Driver filtro traffico IPX	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\nwlnkflt.sys
    + NwlnkFwd	Driver inoltratore traffico IPX	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\nwlnkfwd.sys
    + Parport	Driver della porta parallela	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\parport.sys
    + PavSRK.sys			File not found: C:\WINDOWS\system32\PavSRK.sys
    + PavTPK.sys			File not found: C:\WINDOWS\system32\PavTPK.sys
    + PCI	Enumeratore PCI Plug and Play per NT	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\pci.sys
    + PCIIde	Driver bus PCI IDE generico	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\pciide.sys
    + pfc	Padus(R) ASPI Shell	(Not verified) Padus, Inc.	c:\windows\system32\drivers\pfc.sys
    + PptpMiniport	WAN Miniport (PPTP)	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\raspptp.sys
    + Processor	Driver di periferica processore	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\processr.sys
    + Ptilink	Driver Direct Parallel Link	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\ptilink.sys
    + RasAcd	Driver connessione automatica Accesso remoto	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\rasacd.sys
    + Rasl2tp	WAN Miniport (L2TP)	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\rasl2tp.sys
    + RasPppoe	Driver PPPOE di accesso remoto	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\raspppoe.sys
    + Raspti	Direct Parallel	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\raspti.sys
    + RDPCDD	RDP Miniport	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\rdpcdd.sys
    + rdpdr	Microsoft RDP Device redirector	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\rdpdr.sys
    + redbook	Driver del filtro audio Redbook	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\redbook.sys
    + RFCOMM	Periferica Bluetooth (RFCOMM protocollo TDI)	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\rfcomm.sys
    + Secdrv	SafeDisc driver	(Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.	c:\windows\system32\drivers\secdrv.sys
    + serenum	Serial Port Enumerator	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\serenum.sys
    + Serial	Driver della periferica seriale	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\serial.sys
    + sermouse	Driver filtro mouse seriale	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\sermouse.sys
    + SLIP	Microsoft Slip Deframing Filter Minidriver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\slip.sys
    + smwdm	SoundMAX Integrated Digital Audio 	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\drivers\smwdm.sys
    + splitter	Microsoft Kernel Audio Splitter	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\splitter.sys
    + streamip	Microsoft IP Test Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\streamip.sys
    + swenum	Plug and Play Software Device Enumerator	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\swenum.sys
    + swmidi	Microsoft GS Wavetable Synthesizer	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\swmidi.sys
    + sysaudio	System Audio WDM Filter	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\sysaudio.sys
    + Tcpip	Driver protocollo TCP/IP	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\tcpip.sys
    + TermDD	Terminal Server Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\termdd.sys
    + Update	Update Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\update.sys
    + usbehci	EHCI eUSB Miniport Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\usbehci.sys
    + usbhub	Default Hub Driver for USB	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\usbhub.sys
    + usbscan	USB Scanner Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\usbscan.sys
    + USBSTOR	USB Mass Storage Class Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\usbstor.sys
    + usbuhci	UHCI USB Miniport Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\usbuhci.sys
    + VgaSave	Controlla la scheda video VGA per fornire funzionalità di visualizzazione di base.	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\vga.sys
    + vsdatant	TrueVector Device Driver	(Verified) Check Point Software Technologies Inc.	c:\windows\system32\vsdatant.sys
    + Wanarp	Driver ARP IP di accesso remoto	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\wanarp.sys
    + wdmaud	MMSYSTEM Wave/Midi API mapper	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\drivers\wdmaud.sys
    + WSTCODEC	WDM WST Codec Driver	(Verified) Microsoft Windows Publisher	c:\windows\system32\drivers\wstcodec.sys
    + WudfPf	Provide communciation services for UMDF components.	(Verified) Microsoft Windows	c:\windows\system32\drivers\wudfpf.sys
    + WudfRd	Reflect device requests to user-mode driver drivers	(Verified) Microsoft Windows	c:\windows\system32\drivers\wudfrd.sys
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute			
    + autocheck autochk *	Programma di utilità Auto Check	(Verified) Microsoft Windows Publisher	c:\windows\system32\autochk.exe
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options			
    + explorer.exe			c:\windows\system32\fjijmstv.log
    + Your Image File Name Here without a path	Symbolic Debugger for Windows 2000	(Verified) Microsoft Windows Publisher	c:\windows\system32\ntsd.exe
    HKLM\Software\Microsoft\Command Processor\Autorun			
    HKCU\Software\Microsoft\Command Processor\Autorun			
    HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls			
    HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls			
    + advapi32	API Windows 32 Base avanzato	(Verified) Microsoft Windows Publisher	c:\windows\system32\advapi32.dll
    + comdlg32	DLL delle finestre di dialogo comuni	(Verified) Microsoft Windows Publisher	c:\windows\system32\comdlg32.dll
    + gdi32	GDI Client DLL	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\gdi32.dll
    + imagehlp	Windows NT Image Helper	(Verified) Microsoft Windows Publisher	c:\windows\system32\imagehlp.dll
    + kernel32	DLL client di Windows NT BASE API	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\kernel32.dll
    + lz32	LZ Expand/Compress API DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\lz32.dll
    + ole32	Microsoft OLE per Windows	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\ole32.dll
    + oleaut32		(Verified) Microsoft Windows Publisher	c:\windows\system32\oleaut32.dll
    + olecli32	Libreria client per il collegamento e incorporamento di oggetti	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\olecli32.dll
    + olecnv32	Microsoft OLE for Windows	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\olecnv32.dll
    + olesvr32	Object Linking and Embedding Server Library	(Verified) Microsoft Windows Publisher	c:\windows\system32\olesvr32.dll
    + olethk32	Microsoft OLE for Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\olethk32.dll
    + rpcrt4	Remote Procedure Call Runtime	(Verified) Microsoft Windows Publisher	c:\windows\system32\rpcrt4.dll
    + shell32	DLL comune della shell di Windows	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\shell32.dll
    + url	DLL estensione della shell del collegamento Internet	(Verified) Microsoft Windows Publisher	c:\windows\system32\url.dll
    + urlmon	Estensioni OLE32 per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\urlmon.dll
    + user32	Windows XP USER API Client DLL	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\user32.dll
    + version	Version Checking and File Installation Libraries	(Verified) Microsoft Windows Publisher	c:\windows\system32\version.dll
    + wininet	Internet Extensions per Win32	(Verified) Microsoft Windows Component Publisher	c:\windows\system32\wininet.dll
    + wldap32	Win32 LDAP API DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\wldap32.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost			
    + logonui.exe	Windows Logon UI	(Verified) Microsoft Windows Publisher	c:\windows\system32\logonui.exe
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify			
    + AtiExtEvent		(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\ati2evxx.dll
    + crypt32chain	Crypto API32	(Verified) Microsoft Windows Publisher	c:\windows\system32\crypt32.dll
    + cryptnet	Crypto Network Related API	(Verified) Microsoft Windows Publisher	c:\windows\system32\cryptnet.dll
    + cscdll	Agente rete disconnessa	(Verified) Microsoft Windows Publisher	c:\windows\system32\cscdll.dll
    + klogon	Logon Visualizer	(Not verified) Kaspersky Lab	c:\windows\system32\klogon.dll
    + ScCertProp	DLL comune per ricevere le notifiche di Winlogon	(Verified) Microsoft Windows Publisher	c:\windows\system32\wlnotify.dll
    + Schedule	DLL comune per ricevere le notifiche di Winlogon	(Verified) Microsoft Windows Publisher	c:\windows\system32\wlnotify.dll
    + sclgntfy	DLL di notifica del Servizio di accesso secondario	(Verified) Microsoft Windows Publisher	c:\windows\system32\sclgntfy.dll
    + SensLogn	DLL comune per ricevere le notifiche di Winlogon	(Verified) Microsoft Windows Publisher	c:\windows\system32\wlnotify.dll
    + termsrv	DLL comune per ricevere le notifiche di Winlogon	(Verified) Microsoft Windows Publisher	c:\windows\system32\wlnotify.dll
    + wlballoon	DLL comune per ricevere le notifiche di Winlogon	(Verified) Microsoft Windows Publisher	c:\windows\system32\wlnotify.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL			
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman			
    HKCU\Control Panel\Desktop\Scrnsave.exe			
    HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName			
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9			
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B6FDE0A-8824-437F-8D99-C1FD002C7F29}] DATAGRAM 3	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B6FDE0A-8824-437F-8D99-C1FD002C7F29}] SEQPACKET 3	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FCEBB5D-96EC-46F1-A200-42E0E170F314}] DATAGRAM 7	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FCEBB5D-96EC-46F1-A200-42E0E170F314}] SEQPACKET 7	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F9AEAF0-A87B-47CC-B3D9-CBA86472BF6D}] DATAGRAM 2	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F9AEAF0-A87B-47CC-B3D9-CBA86472BF6D}] SEQPACKET 2	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CFF3BD4-F983-4DFC-B2A3-198513FB1676}] DATAGRAM 0	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CFF3BD4-F983-4DFC-B2A3-198513FB1676}] SEQPACKET 0	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{C69865F9-F37C-4B95-9578-BE912622087C}] DATAGRAM 4	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{C69865F9-F37C-4B95-9578-BE912622087C}] SEQPACKET 4	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFE5C3DA-0FA8-40E9-B572-EA1B21FFC2F9}] DATAGRAM 5	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFE5C3DA-0FA8-40E9-B572-EA1B21FFC2F9}] SEQPACKET 5	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3A57132-00EF-4308-B954-67CE03129104}] DATAGRAM 6	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3A57132-00EF-4308-B954-67CE03129104}] SEQPACKET 6	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDA26225-588B-4AE3-86F9-63D1A972FEFF}] DATAGRAM 1	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDA26225-588B-4AE3-86F9-63D1A972FEFF}] SEQPACKET 1	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD RfComm [Bluetooth]	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [RAW/IP]	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [TCP/IP]	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + MSAFD Tcpip [UDP/IP]	Service Provider Microsoft Windows Sockets 2.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\mswsock.dll
    + RSVP TCP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	(Verified) Microsoft Windows Publisher	c:\windows\system32\rsvpsp.dll
    + RSVP UDP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	(Verified) Microsoft Windows Publisher	c:\windows\system32\rsvpsp.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors			
    + BJ Language Monitor	Langage Monitor for Canon Bubble-Jet Printer	(Verified) Microsoft Windows Publisher	c:\windows\system32\cnbjmon.dll
    + Bluetooth Printer Port	bthcrp DLL	(Not verified) WIDCOMM, Inc.	c:\windows\system32\bthcrp.dll
    + EPSON V3 2KMonitor397	EPSON Bidirectional Monitor	(Verified) Microsoft Windows Hardware Compatibility Publisher	c:\windows\system32\e_sl2397.dll
    + Local Port	DLL dello spooler locale	(Verified) Microsoft Windows Publisher	c:\windows\system32\localspl.dll
    + PJL Language Monitor	PJL Language monitor	(Verified) Microsoft Windows Publisher	c:\windows\system32\pjlmon.dll
    + Standard TCP/IP Port	Standard TCP/IP Port Monitor DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\tcpmon.dll
    + USB Monitor	Standard Dynamic Printing Port Monitor DLL	(Verified) Microsoft Windows Publisher	c:\windows\system32\usbmon.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders			
    + digest.dll	Pacchetto autenticazione SSPI Digest	(Verified) Microsoft Windows Publisher	c:\windows\system32\digest.dll
    + msapsspc.dll	Client DPA per piattaforme a 32 bit	(Verified) Microsoft Windows Publisher	c:\windows\system32\msapsspc.dll
    + msnsspc.dll	MSN Internet Access	(Verified) Microsoft Windows Publisher	c:\windows\system32\msnsspc.dll
    + schannel.dll	TLS / SSL Security Provider	(Verified) Microsoft Windows Publisher	c:\windows\system32\schannel.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages			
    + msv1_0	Microsoft Authentication Package v1.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\msv1_0.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages			
    + scecli	Modulo di gestione client dell'Editor di configurazione della protezione di Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\scecli.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages			
    + kerberos	Kerberos Security Package	(Verified) Microsoft Windows XP Publisher	c:\windows\system32\kerberos.dll
    + msv1_0	Microsoft Authentication Package v1.0	(Verified) Microsoft Windows Publisher	c:\windows\system32\msv1_0.dll
    + schannel	TLS / SSL Security Provider	(Verified) Microsoft Windows Publisher	c:\windows\system32\schannel.dll
    + wdigest	Microsoft Digest Access	(Verified) Microsoft Windows Publisher	c:\windows\system32\wdigest.dll
    HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order			
    + LanmanWorkstation	Rete di Microsoft Windows	(Verified) Microsoft Windows Publisher	c:\windows\system32\ntlanman.dll
    + RDPNP	Servizi terminal Microsoft	(Verified) Microsoft Windows Publisher	c:\windows\system32\drprov.dll
    + WebClient	Web Client Network	(Verified) Microsoft Windows Publisher	c:\windows\system32\davclnt.dll

  7. #7
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    message for Karl83 from Cretemonster

    Hi Karl, here follows the message of Cretemonster, the one who has examined the infected file.

    Cretemonster
    Authorized Users

    Offline

    Posts: 39


    Re: http://forum.hijackthis.de/showthread.php?t=23103
    « Reply #1 on: May 24, 2007, 12:41:44 » Quote

    --------------------------------------------------------------------------------
    Heh, it's LinkO

    Using ImageFileExecution and explorer.exe=debugger (filename.old)

    Not sure what else it's doing, but Andy has his own removal tool and I think Prevx can deal with this one.

    Karl, can u get this one to MWR?
    Edited by flyingfish (02.06.2007 at 16:43)
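
    Added example, not part of the original posts: the Autoruns log above lists explorer.exe under Image File Execution Options with fjijmstv.log as its image, which is the debugger redirection Cretemonster describes. The Python check below parses log lines in that tab-separated layout and flags such entries; the set of critical images and the accepted debugger extensions are assumptions of this example.

```python
import ntpath

# Sample assembled from lines of the Autoruns log above; columns are
# tab-separated: entry, description, publisher, image path.
SAMPLE_LOG = "\n".join([
    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UIHost\t\t\t",
    "+ logonui.exe\tWindows Logon UI\t(Verified) Microsoft Windows Publisher\t"
    "c:\\windows\\system32\\logonui.exe",
    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\"
    "Image File Execution Options\t\t\t",
    "    + explorer.exe\t\t\tc:\\windows\\system32\\fjijmstv.log",
    "+ Your Image File Name Here without a path\tSymbolic Debugger for Windows 2000\t"
    "(Verified) Microsoft Windows Publisher\tc:\\windows\\system32\\ntsd.exe",
    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\t\t\t",
    "+ klogon\tLogon Visualizer\t(Not verified) Kaspersky Lab\t"
    "c:\\windows\\system32\\klogon.dll",
])

IFEO_SUFFIX = "\\image file execution options"
# Assumptions for this example, not taken from the thread:
CRITICAL_IMAGES = {"explorer.exe", "userinit.exe", "winlogon.exe"}
DEBUGGER_EXTENSIONS = {".exe", ".com"}


def parse_autoruns(text):
    """Yield (section, entry, description, publisher, image_path) per '+' line."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes indent lines; inner tabs are kept
        if not line:
            continue
        if line.startswith("+ "):
            fields = line[2:].split("\t")
            fields += [""] * (4 - len(fields))  # pad missing trailing columns
            yield (section, *(f.strip() for f in fields[:4]))
        else:
            section = line  # a registry location heading


def ifeo_findings(text):
    """Flag Image File Execution Options entries whose debugger looks wrong."""
    findings = []
    for section, entry, _desc, publisher, path in parse_autoruns(text):
        if not section.lower().endswith(IFEO_SUFFIX):
            continue  # other autostart locations are out of scope here
        reasons = []
        if not publisher.startswith("(Verified)"):
            reasons.append("debugger image has no verified signature")
        ext = ntpath.splitext(path)[1].lower()
        if ext not in DEBUGGER_EXTENSIONS:
            reasons.append(f"debugger image has unexpected extension {ext!r}")
        if entry.lower() in CRITICAL_IMAGES:
            reasons.append("redirected image is a core shell/logon process")
        if reasons:
            findings.append({"image": entry, "debugger": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in ifeo_findings(SAMPLE_LOG):
        print(hit["image"], "->", hit["debugger"], "|", "; ".join(hit["reasons"]))
```

    The signed ntsd.exe template entry and the unverified klogon.dll under Winlogon\Notify are both left alone, since the check is scoped to debugger redirection only.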

  8. #8
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    Can anybody reply please?

    I've posted a first message on May 23 ( http://forum.hijackthis.de/showthread.php?t=23103 )

    but I had no further instruction on how to proceed now.

    I'm almost at the end of this nightmare, but I don't know how to go on!
    What should I do now?

    Please take a look at the original message by clicking the link up here and tell me what to do next.

    The last reply comes from "Cretemonster" Authorized Users of www.thespykiller.co.uk

    Will you help me please?

    What if I just remove the hijacker key from the Registry? Will the PC start or not?

    Please assist!
    Thanks a lot.

  9. #9
    Honorary member, avatar of Karl
    Registered since
    01.12.2005
    Location
    Berlin
    Posts
    8.393

    Re: Can anybody reply please?

    I'm not sure about it, best will be to try it. You would have to remove the entire "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe" key with its contents.

  10. #10
    Beginner
    Registered since
    23.05.2007
    Posts
    19

    Thanks Karl83

    Hi,

    Yes, I was going to try...and I'll do it, after a backup and a copy of the registry of course.

    However, there is news: with the latest updates Kaspersky recognises fjijmstv.log as trojan.win32.obfuscated.fp, and it cannot be cleaned but only removed.

    I know that if I remove it, the sys will not completely start, and only the desktop will appear.

    So the only thing I can do right now is trying to remove the key, but how? Using regedit is useless because I have an access violation.
    Do you think unchecking the key with autoruns.exe will remove it? Or do you have a better solution?

    Thanks for the assistance, bye.
    Edited by flyingfish (12.06.2007 at 09:21) Reason: Update
