aiuto

[tower]

ciao a tutti spero mi potrete aiutare..è un mese che quando eseguo la scansione con antivir mi dice alla fine che ci sono dei file che no possono essere aperti,cosa dovrei fare?

ecco il log:
Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\NTUSER.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\ntuser.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\me_geugq3wMo83bVQo
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\me_SVxMOvYUV82ji5V
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\me_owQqzfnyai8APOW
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\me_h5Yax35so72VwGK
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\me_KcoqPRtTPbtSxAI
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\ewido_quarantine\fil1BD00A79.dat
[0] Archive type: GZ
--> fil1BD00A79
[DETECTION] Is the Trojan horse TR/Agent.aox
[INFO] The file was deleted!
C:\Documents and Settings\fabio\Impostazioni locali\Temp\ewido_quarantine\fil9E46E584.dat
[0] Archive type: GZ
--> fil9E46E584
[DETECTION] Is the Trojan horse TR/Agent.aox
[INFO] The file was deleted!
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\fabio\Documenti\EA Games\The Sims 2\Neighborhoods\N004\Characters\NB
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000034.FCS
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat
[WARNING] The file could not be opened!
C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx
[WARNING] The file could not be opened!

come posso risolvere il problema?
grazie in anticipo!

[tower]

non mi vuole bene nessuno in questo forum???

[danieleg]

non mi vuole bene nessuno in questo forum???

Su dai, non piangere, tutti ti amiamo alla follia, ma oggi è domenica e i veri esperti probabilmente sono a spasso con la famiglia.
Aspetta Lunedì e vedrai...

[andorra24]

E' normale che molti files non vengano aperti dall'antivirus. Si tratta in gran parte di files in uso dal sistema operativo oppure files protetti da password.

Vedo che ci sono anche alcuni files nella cartella temp.
Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!"

[tower]

grazie del supporto!

[tower]

scusate se vi rompo ancora le scatole,ma ho un altro problema:ho cancellato i file temp con atf cleaner e poi ho eseguito una scansione con ewido antispywere il quale trova questo file: C:\WINDOWS\ssbsd1.dll e lo classifica come adwere.fleshkin tuttavia mi dice che c'è un errore ogni qualvolta tento di muoverlo in quarantena o di cancellarlo...allora ho provato ad eliminarlo con delete doctor ma nulla da fare..nè sul momento nè dopo il riavvio.ho provato pure killbox ma nulla ugualmente....
che diavolo posso fare ora?? sembra non voler andarsene!
help me pleaz!

[Luke57]

Ciao, sospetto un'infezione da linkoptimizer; allora
scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.

[tower]

come mi hai detto ho scaricato gmer...
ho eseguito le scansioni,ecco la prima:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-10 20:18:00
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\ssbsd1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3404] 0x012D0000 <-- ROOTKIT !!!
Library C:\WINDOWS\ssbsd1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4092] 0x01100000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\com6.tqr
File C:\WINDOWS\ssbsd1.dll

---- EOF - GMER 1.0.10 ----

e questa è la seconda:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-10 20:28:31
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\ssbsd1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3404] 0x012D0000 <-- ROOTKIT !!!
Library C:\WINDOWS\ssbsd1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4092] 0x01100000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\com6.tqr
File C:\WINDOWS\ssbsd1.dll

---- EOF - GMER 1.0.10 ----

cosa si può fare??

[Franz!]

aggiornare a sp2?

[tower]

ehmm...se me lo spieghi...magari lo faccio(sonmo un pò ignorantello )

[Luke57]

Ciao, esegui questo tool:
http://info.prevx.com/download.asp?grab=GROMOZONREMTOOL
disattiva l'antivirus, programmi e applicazioni chiusi, lanci il tool. Al riavvio del computer, il programma terminerà la scansione nelle cartelle di windows. Al termine della scansione, in C:\Gromozon_Removal troverai il report.
Incollalo in un post.

Poi fai una scansione con GMer dalla posizione Autostart (la scegli dalla barra dei Menu), premi scan (dura pochi secondi).
Incolli il log generato dallo scan di Gmer nel medesimo post in cui incollerai il report del tool di rimozione.

[tower]

ho eseguito il tool e sembra che abbia rimosso sto gromozon...

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\system32\epaa.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\C1.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\ssbsd1.del
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\C4.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\CB.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\D8.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\DE.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\E2.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\E6.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\ssbsd1.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\6.tmp
Removed!


Trojan.Gromozon Removed!

e questa è la scansione con gmer:


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-11 15:33:10
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- EOF - GMER 1.0.10 ----

non sembra esserci nulla,avrò risolto? ditemi voi...

[Luke57]

Ciao, occorre il log di Gmer nella posizione AUTOSTART
Cerco di dirtelo da tre post, ma invano...
apri gmer,exe, nella finestra che si apre, nel menu in alto, clicchi Autostart e premi scan. Nel giro di pochi secondi viene elaborato il log, clicchi Copy e lo incolli in un post.
Facile, no?

[tower]

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-11 17:39:41
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = userinit.exe,userinit32.exe

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\System32\CTsvcCDA.exe
evedll /*Estensione eventi dll*/@ = C:\WINDOWS\Downlo~1\g1ht0tf\ghn44f9.exe /*file not found*/
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
hwclock /*Hardware Clock Driver*/@ = C:\WINDOWS\System32\hwclock.exe /*file not found*/
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NetVea /*NetVea*/@ = "\\?\C:\Programmi\File comuni\System\aux.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@LVCOMSXC:\WINDOWS\System32\LVCOMSX.EXE = C:\WINDOWS\System32\LVCOMSX.EXE
@LogitechVideoRepairC:\Programmi\Logitech\Video\ISStart.exe = C:\Programmi\Logitech\Video\ISStart.exe
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@MSNS PLUS XP2msnnsg.exe /*file not found*/ = msnnsg.exe /*file not found*/
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@kbwd2.exeC:\WINDOWS\Temp\kbwd2.exe /*file not found*/ = C:\WINDOWS\Temp\kbwd2.exe /*file not found*/
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"
@!ewido"C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
RunServices@MSNS PLUS XP2 = msnnsg.exe /*file not found*/
RunOnceEx@ = /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@svshost32svshost32.exe /*file not found*/ = svshost32.exe /*file not found*/
@Compaq32 Service Driversmsnt32.exe /*file not found*/ = msnt32.exe /*file not found*/
@Spamihilator"C:\Programmi\Spamihilator\spamihilator.exe" /*file not found*/ = "C:\Programmi\Spamihilator\spamihilator.exe" /*file not found*/
@LogitechSoftwareUpdateC:\Programmi\Logitech\Video\ManifestEngine.exe boot = C:\Programmi\Logitech\Video\ManifestEngine.exe boot
@ScaricaMP3C:\Documents and Settings\fabio\Dati applicazioni\ScaricaMP3[1].exe t /*file not found*/ = C:\Documents and Settings\fabio\Dati applicazioni\ScaricaMP3[1].exe t /*file not found*/
@MSMSGS"C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
@updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart /*file not found*/ = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart /*file not found*/
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices >>>
@svshost32svshost32.exe /*file not found*/ = svshost32.exe /*file not found*/
@Compaq32 Service Driversmsnt32.exe /*file not found*/ = msnt32.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Estensione finestra proprietà di aggiornamento automatico*/C:\WINDOWS\System32\wuaueng.dll = C:\WINDOWS\System32\wuaueng.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{acb4a560-3606-11d3-aef4-00104bd0f92d} /*KodakShellExtension*/C:\Programmi\File comuni\Kodak\ifscore\KodakShX.dll = C:\Programmi\File comuni\Kodak\ifscore\KodakShX.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 DragDrop Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Property Sheet Shell Extension*/C:\Programmi\WinAce\arcext.dll = C:\Programmi\WinAce\arcext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programmi\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{60DEDD20-70E6-F23A-495F-99376824A0FB}C:\WINDOWS\ssbsd1.dll /*file not found*/ = C:\WINDOWS\ssbsd1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ALFAGT~1.SCR /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.virgilio.it/free = http://www.virgilio.it/free
@Start Pagehttp://home.it.netscape.com/it/ = http://home.it.netscape.com/it/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
raid_tool.exe.lnk = raid_tool.exe.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Kodak software updater.lnk = Kodak software updater.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk
Kodak EasyShare software.lnk = Kodak EasyShare software.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk

---- EOF - GMER 1.0.10 ----

ora ho fatto bene?? scusa...non avevo capito....