Thread: rdriv.sys again
10-23-2005, 04:23 PM   #7
andrea11
Join Date: Oct 2005
Posts: 12
OS: XP SP2


Thanks again first of all.
So I looked for Gator or Gain in add/remove program but there was nothing there.
Then I removed the folder
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU AVVIO\PROGRAMMI\GAIN
When I did that, Microsoft Office started some installation maintenance and asked me for the disk. I cancelled the operation and the PC got stuck. I had to switch it off and on again.
Then I tried to remove
C:\WINNT\system32\svkp.sys
but the file was in use. So I went to safe mode and I was able to delete it.
Now here you have the two requested logs:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 15/10/2005 23:42:32 817 C:\log.txt
PEC2 15/10/2005 23:42:32 817 C:\log.txt
UPX! 15/10/2005 23:41:44 213 C:\win.txt
PEC2 15/10/2005 23:41:44 213 C:\win.txt
UPX! 15/10/2005 23:32:26 95 C:\start.txt
UPX! 15/10/2005 23:42:06 28 C:\windows.txt
qoologic 23/10/2005 23:50:12 202953 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 09/05/2005 13:00:24 277282 C:\WINNT\drsetup.exe

Checking %System% folder...
UPX! 17/09/2001 13:20:02 9216 C:\WINNT\SYSTEM32\cpuinf32.dll
winsync 08/05/2001 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor 19/06/2003 20:05:04 545552 C:\WINNT\SYSTEM32\RASDLG.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
23/10/2005 23:51:58 H 1457484 C:\WINNT\ShellIconCache
04/10/2005 12:42:00 H 2048 C:\WINNT\system32\bqsfczfu.exe
23/10/2005 23:46:28 H 889 C:\WINNT\system32\vsconfig.xml
22/10/2005 16:55:42 H 4212 C:\WINNT\system32\zllictbl.dat
24/10/2005 00:01:10 H 1024 C:\WINNT\system32\config\software.LOG
23/10/2005 23:52:20 H 1024 C:\WINNT\system32\config\default.LOG
23/10/2005 23:55:02 H 1024 C:\WINNT\system32\config\SECURITY.LOG
23/10/2005 23:57:04 H 1024 C:\WINNT\system32\config\SAM.LOG
22/10/2005 15:28:32 HS 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\Preferred
22/10/2005 15:28:32 HS 336 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\eb0c73f5-20e7-40f4-8d94-d00d5c9252b3
01/09/2005 07:09:24 H 14117 C:\WINNT\Web\printers.htt
23/10/2005 23:52:10 S 64 C:\WINNT\CSC\00000001
22/10/2005 16:39:18 S 64 C:\WINNT\CSC\00000002
23/10/2005 23:52:12 H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 19/06/2003 20:05:04 303888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 08/05/2001 32016 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 19/06/2003 20:05:04 243472 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 08/05/2001 130320 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 08/05/2001 120592 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 08/05/2001 36624 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 08/05/2001 122640 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 08/05/2001 308496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 08/05/2001 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 08/05/2001 41744 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 08/05/2001 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 08/05/2001 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 20/02/2001 13:09:54 109056 C:\WINNT\SYSTEM32\INPUT.CPL
Microsoft Corporation 30/10/2001 08:10:00 326144 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 19/06/2003 20:05:04 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/06/2003 20:05:04 93456 C:\WINNT\SYSTEM32\powercfg.cpl
19/08/2003 08:20:04 180224 C:\WINNT\SYSTEM32\ac3filter.cpl
Ahead Software AG 23/12/2003 15:40:52 57344 C:\WINNT\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 19/06/2003 20:05:04 128784 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 08/05/2001 69392 C:\WINNT\SYSTEM32\access.cpl
Logitech Inc. 20/06/2002 12:25:14 90112 C:\WINNT\SYSTEM32\CamCpl.cpl
RealNetworks, Inc. 13/06/2003 21:34:38 24064 C:\WINNT\SYSTEM32\prefscpl.cpl
Microsoft Corporation 26/05/2005 04:16:32 174872 C:\WINNT\SYSTEM32\wuaucpl.cpl
19/11/1999 13:54:12 155648 C:\WINNT\SYSTEM32\PPPoEService.cpl
Microsoft Corporation 19/06/2003 20:05:04 83728 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 30/08/2002 19:28:48 293376 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 08/05/2001 41744 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 26/05/2005 04:16:32 174872 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 30/08/2002 19:28:48 293376 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 07/10/1999 01:30:58 94720 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
28/03/2005 20:14:16 530 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a html2pop3.exe.lnk
28/03/2005 20:14:12 533 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\EPSON Status Monitor 3 Environment Check 2.lnk
28/03/2005 20:14:10 1498 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
28/03/2005 20:14:14 434 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZyAIR G-100 Wireless LAN Utility.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
21/10/2005 12:37:24 21 C:\Documents and Settings\All Users\Dati applicazioni\emopts.dat
21/10/2005 15:07:10 H 6214 C:\Documents and Settings\All Users\Dati applicazioni\sys001.log
21/10/2005 15:07:10 H 10927 C:\Documents and Settings\All Users\Dati applicazioni\sys002.log
21/10/2005 15:07:10 H 4714 C:\Documents and Settings\All Users\Dati applicazioni\sys003.log
21/10/2005 15:07:10 H 7143 C:\Documents and Settings\All Users\Dati applicazioni\sys004.log
21/10/2005 15:07:10 H 1149 C:\Documents and Settings\All Users\Dati applicazioni\sys008.log
19/10/2005 00:12:44 2357 C:\Documents and Settings\All Users\Dati applicazioni\sys009.log

Checking files in %USERPROFILE%\Startup folder...
28/03/2005 20:14:20 447 C:\Documents and Settings\Ornella\Menu Avvio\Programmi\Esecuzione automatica\Stop Dialers.lnk

Checking files in %USERPROFILE%\Application Data folder...
26/08/2003 18:36:12 14144 C:\Documents and Settings\Ornella\Dati applicazioni\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\NortonAntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\o_pro\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programmi\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\NortonAntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\o_pro\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programmi\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\o_pro\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programmi\NortonAntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Suggerimenti = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINNT\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\NortonAntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
SearchBand = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Controllo ActiveX ricerca file e cartelle = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Indirizzo : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = Co&llegamenti : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\NortonAntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Indirizzo : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = Co&llegamenti : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
Synchronization Manager mobsync.exe /logon
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Zone Labs Client C:\a_pro\firewall\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Spamihilator "C:\o_pro\antispam\Spamihilator\spamihilator.exe"
ctfmon.exe ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0
CDRAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 24/10/2005 00:05:42




REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"Synchronization Manager"="mobsync.exe /logon"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Zone Labs Client"="C:\\a_pro\\firewall\\ZoneAlarm\\zlclient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Programmi\NortonAntiVirus\NavShExt.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\o_pro\WinRAR\rarext.dll

Subkey --- WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B}
C:\Programmi\WS_FTP Pro\wsftpsi.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll

Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll

==============================
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica

Microsoft Office.lnk
EPSON Status Monitor 3 Environment Check 2.lnk
ZyAIR G-100 Wireless LAN Utility.lnk
Collegamento a html2pop3.exe.lnk
==============================
C:\Documents and Settings\Ornella\Menu Avvio\Programmi\Esecuzione automatica

Microsoft Office.lnk
EPSON Status Monitor 3 Environment Check 2.lnk
ZyAIR G-100 Wireless LAN Utility.lnk
Collegamento a html2pop3.exe.lnk
Stop Dialers.lnk
==============================
C:\WINNT\system32 cpl files


appwiz.cpl Microsoft Corporation
fax.cpl Microsoft Corporation
DESK.CPL Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
INPUT.CPL Microsoft Corporation
joy.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
ac3filter.cpl
ImageDrive.cpl Ahead Software AG
SYSDM.CPL Microsoft Corporation
access.cpl Microsoft Corporation
CamCpl.cpl Logitech Inc.
prefscpl.cpl RealNetworks, Inc.
wuaucpl.cpl Microsoft Corporation
PPPoEService.cpl
sticpl.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation



Thanks a lot for your nice support

andrea