Olimpo Informatico

[Rei]

ciao raga,
dato che ancora non sono riuscita a formattare (il notebook asus è usato e ho il num seriale di w xp sp2 ma non ho il cd, mentre ho il cd di w home edition ma non me lo prende perchè quello istallato è più aggiornato )
insomma intanto vi posto i log di gmer e hjt... io credo che ci sia di tutto di più dentro a questo pc anche perchè non mi fa più istallare antivirus di sorta

Logfile of HijackThis v1.99.0
Scan saved at 10.24.39, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\windows\system32\services.exe
C:\WINDOWS\TEMP\znqgaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Simo\Menu Avvio\Programmi\Esecuzione automatica\dslmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Simo\IMPOST~1\Temp\Rar$EX07.567\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tin.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: INSIDE BIKE - {682C4DBF-F7DB-F975-2568-753DC773C736} - C:\PROGRA~1\STYLED~1\once2.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: DogTestGrim - {1B9DB551-C0AE-9D57-5779-556EC6BE0904} - C:\PROGRA~1\STYLED~1\once2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [jefpca.exe] C:\Documents and Settings\Simo\Impostazioni locali\Temp\jefpca.exe
O4 - HKLM\..\Run: [ctfdpfgc] "c:\windows\system32\ctfdpfgc.exe"
O4 - HKLM\..\Run: [znqgaa.exe] C:\WINDOWS\TEMP\znqgaa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: dslmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F84D64E1-4406-45F5-9078-2FDDC98347E9} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170790111705
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Google Updater Service - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe


bene eh! ed ora così per gradire ecco il log di gmer, giusto quelle 25 pag così per conciliare il sonno:


GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-28 15:22:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 2CC 804E2928 1 Byte [ BC ]
.text ntoskrnl.exe!_abnormal_termination + 2CE 804E292A 2 Bytes [ D5, F2 ]
? C:\WINDOWS\System32\DRIVERS\update.sys

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1884
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1964

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{A356E26F-F64B-8F5D-7C18E49D604F2F76}\{6A54AA76-7D92-69B0-4B2831BB70973615}\{981C58D8-528B-1766-742A6B252CC7665F}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F16633BB-6FFB-FEEF-6851EE4CF61ADAA7}\{8DE0EF13-9AB8-84BF-28848AB6F741F092}\{2912CDF2-3190-D0FE-95FF87CEE55A8F74}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>00}qZ=`RaAFZQ{?{DArt?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e}GvMMOnH@hg(nYnu%p8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aPzKX=15Z?*VmZwfL?5??
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>]-2y_C5dWAq8t'Ahp=bS?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>IvR7u6?dq8g4^Yd4V1J6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>8P8fd9s@-?D*V},`V=T3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>xY=TG9CqU@W)~p?RO_w[?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C)z]OrW%R=wF2GW{Mgf2?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hWlcu7oG*9ybzp+^-VdU?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>_FJM`5byo=hcOs8jwB`u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>^'5*]IAel?w8MnWaY[Jf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>'.E-h@SP~=w?DXL*AL.m?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>=6xEmQ}b$?[kDPAt*+Mv?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?7w%[IH(QA(f_Nv)g1+u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>6_Lp.YrKG=t~lt)yuC(b?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Av^oip*aw@nLUAKMX6tN?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>vQk-c(tl+9_q.YVyjkqq?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>R,YAg8Uzf?q9ZRNgCdW.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>nV30Foad^=4D0FLgllXd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>W**YR.kDv?kTe!evxZOf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{?^lW%IQJ=DGh@&,glnR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorlib,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>v~Yw+7RXK?*n7r]K90Xd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>PCwF,UKRl=)zd@Q'%%3G?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>oaxX*et~F@1qEj-wm]ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hXM40zsHQ9T~regpU=Bb?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft_VsaVb,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>ZYT6Y}7@o?kE(HR+=APT?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>vC~AI=2_U=jP1y7`PgEK?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>dxy+{V6B(@+d{@(0_+AQ?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@cscompmgd,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>.[PYtUR-d8WP[=+EL+1O?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>2Y]8C*W[d@g,InfZq=QO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>uqOdb3z0A9nOM3DNwRap?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualC,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>w=KLXB[Xr=7Tk@&xP9mc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>HgVH13*D4=(W~'P?(s2v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e64H(FT9aAe*?nR&Hqu&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>,.idGaf+a@p?-Q++qW2k?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NA^,LBxBWAO8^5,~v&8R?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>kgT}+.%vy?ikM)Pm%j(e?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NLc&){D?)A$1sUX?25sO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$v^BT?)o-=UTn*mAe$WC?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>5FJq?3gMD@zhYonAA7zP?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&n!BoCXqG=-dnT!D_K^F?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>lWHd$@tF]9]5,Sm%4[C+?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Z4gl`yrv7=muBlQnQKLc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aNAK!_!Eo=`)&1S{-9qF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>VM.bWln_GA'bH^9b4zy!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>%$f[5O}U(A5g(F1lojgF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&E8MWjh%YAwnpr?O'Yi%?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C*F%G*9^O@W5=%1gR^8-?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>SksH4=PK%=e-_b0RuAPa?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>fHeMP]gBr8xqs@n2Co?]?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>(GwSNVGT+@7fT)]}SlJ_?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEExecRemote,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>bbB7w3YPI?^u?S_0}W8T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{e[a-{V).94C1..jDAj.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>a+z?fXORD?MQ[Q9IU8rM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>)FaXaBH81?z8.(n5Ifk0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?Apg'v4Ao8k8Bcl_)c@q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.OracleClient,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>LSv0fvZqn=B^x-K9?$ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>E-9C,Ky_,=`o0ZsSt.K4?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$AqI^d@FOAa}lhk6lCx6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>b(NwVxq^D9N$NykQh&F=?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>f8hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>xt?_kV[TL=1YsIA}j8nR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>{C}9ka0NP?[JXZ40*SN&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>i5D~ev8`l@wdOrb7`v%t?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>PfSXn7Q5f=EJFhAo+ACn?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>$~`k].=7g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>b3f0=M]_v9qN2l.yX1$v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>3]9ZToAs[9t@ug]6wx8f?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_lorO!11%@sD?*T9!ctc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Jd75P~mpS?8gy(M-yt}6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@SYSTEM.WINDOWS.FORMS.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>X?WW3GI9p@VZT0tdnz[0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.XML.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>*PY+kd!_!9L@l~SNJb%Q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>,`Zt6!6sAAkxzRXOLa]h?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Yh302W[px=t%@tz2lZq9?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>uwyWzXrpk?,o(App5E9T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>+ly8{x[k}=1pW6*zLygW?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_^&sneG7n?QA~-cZ=ADM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>ti[ZWxsk9AarL!U)GOhV?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorlib.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>W$ns(7iwC@&{o~)}MiTz?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Ivc$vDYb[A%nW6x2Cuk3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>UKXVo05uH?$a7Mh0?lK8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@system.management.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>DO3uPNA+L?xlR41=@so,?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>[vDERFebj?Gv7JQlntpr?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Cg?^mQr!L@a?sU.}rr2.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>G@hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vbe.Interop.Forms,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiForms_PIA>C4O6R%GLs@ysprGAz4eu?t.XHVn-}f(ZXfeAR6.jiForms_PIA>C4O6R%GLs@ysprGAz4eu?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Graph,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiGraph_PIA>~6Q5^Ga-w@2Sn)lr)X{B?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.SmartTag,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiSmartTag_PIA>e{^wB4=&?A{^nsSDeg`!?t.XHVn-}f(ZXfeAR6.jiSmartTag_PIA>e{^wB4=&?A{^nsSDeg`!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Owc11,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jidummy_OWC11_PIA>w-M$2K'.09U(LNnT^^5F?^Y6FVn-}f(ZXfeAR6.jidummy_OWC11_PIA>w-M$2K'.09U(LNnT^^5F?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Office,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiWord_PIA>keY{BC!FC?%3@}W5_!Oa?ol+QVn-}f(ZXfeAR6.jidummy_Office_PIA>keY{BC!FC?%3@}W5_!Oa?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>keY{BC!FC?%3@}W5_!Oa?t.XHVn-}f(ZXfeAR6.jidummy_Office_PIA>keY{BC!FC?%3@}W5_!Oa?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vbe.Interop,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>X.2kG@=8r=omnVtBlW4t?ol+QVn-}f(ZXfeAR6.jidummy_Office_PIA>X.2kG@=8r=omnVtBlW4t?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>X.2kG@=8r=omnVtBlW4t?t.XHVn-}f(ZXfeAR6.jidummy_Office_PIA>X.2kG@=8r=omnVtBlW4t?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscomctl,Version="10.0.4504.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",FileVersion="10.0.4504.0" .]gAVn-}f(ZXfeAR6.jidummy_OWC11_PIA>KA@hzZEP39+P$2)8P=ih?ol+QVn-}f(ZXfeAR6.jidummy_MSCOMCTL_PIA>KA@hzZEP39+P$2)8P=ih?^Y6FVn-}f(ZXfeAR6.jidummy_OWC11_PIA>KA@hzZEP39+P$2)8P=ih?t.XHVn-}f(ZXfeAR6.jidummy_MSCOMCTL_PIA>KA@hzZEP39+P$2)8P=ih?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@ADODB,Version="7.0.3300.00",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.10.2346.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@MSDATASRC,Version="7.0.3300.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.0.9466.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@stdole,Version="7.0.3300.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.0.9466.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Visio,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>@m=eKqBu0@rurQjcWGlV?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Visio.SaveAsWeb,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>Jo6dD49b[?0jC8WY!qiW?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.VisOcx,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>h7sy3)bK*@ykc$hdX5Yv?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.MSProject,Version="11.0.0.000000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.2003.816" ^Y6FVn-}f(ZXfeAR6.jiProject_PIA>paNAFIIPZ=9sdELE2'~!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Access,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiAccess_PIA>FLZepab2T=7DZ%Dy4.Pp?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Excel,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiExcel_PIA>h=N(]v='Z8fT~7.nB)gM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Outlook,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiOutlook_PIA>u-~c)SFCu@BEkdumKh?7?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.OutlookViewCtl,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiOutlook_PIA>~y?XTW)u[9(.nxGr6}*q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.PowerPoint,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiPowerPoint_PIA>A*%D8^tU^@r`VP5(u&y)?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Publisher,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiPublisher_PIA>=JF7j5dP3@JrIDRuj1}%?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Word,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiWord_PIA>QYH2,E)&^@QK&Mt%QU}u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@dao,Version="10.0.4504.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",FileVersion="10.0.4504.0" .]gAVn-}f(ZXfeAR6.jiAccess_PIA>6O_.hd.s6==YX^M9.,Kb?
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\dot4\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\setup\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\common\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\win9x_me\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\win2k_xp\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\win9x_me\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\com_lang\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\AiO\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\data\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\hpodcache\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\audio\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\Hewlett-Packard\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\Hewlett-Packard\Memories Disc\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\prgen\

[Rei]

ehm
sono sempre io... mi sono accorta che il log di gmer non è completo... provo a riportarlo? boh non vorrei intasarvi tutto il forum
grazie ancora per la vostra pazienza da santi....


GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-28 15:22:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Simo\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 2CC 804E2928 1 Byte [ BC ]
.text ntoskrnl.exe!_abnormal_termination + 2CE 804E292A 2 Bytes [ D5, F2 ]
? C:\WINDOWS\System32\DRIVERS\update.sys

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1884
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 1964

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{A356E26F-F64B-8F5D-7C18E49D604F2F76}\{6A54AA76-7D92-69B0-4B2831BB70973615}\{981C58D8-528B-1766-742A6B252CC7665F}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F16633BB-6FFB-FEEF-6851EE4CF61ADAA7}\{8DE0EF13-9AB8-84BF-28848AB6F741F092}\{2912CDF2-3190-D0FE-95FF87CEE55A8F74}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>00}qZ=`RaAFZQ{?{DArt?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e}GvMMOnH@hg(nYnu%p8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aPzKX=15Z?*VmZwfL?5??
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>]-2y_C5dWAq8t'Ahp=bS?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>IvR7u6?dq8g4^Yd4V1J6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>8P8fd9s@-?D*V},`V=T3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>xY=TG9CqU@W)~p?RO_w[?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C)z]OrW%R=wF2GW{Mgf2?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hWlcu7oG*9ybzp+^-VdU?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>_FJM`5byo=hcOs8jwB`u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>^'5*]IAel?w8MnWaY[Jf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>'.E-h@SP~=w?DXL*AL.m?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>=6xEmQ}b$?[kDPAt*+Mv?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?7w%[IH(QA(f_Nv)g1+u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>6_Lp.YrKG=t~lt)yuC(b?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Av^oip*aw@nLUAKMX6tN?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>vQk-c(tl+9_q.YVyjkqq?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>R,YAg8Uzf?q9ZRNgCdW.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>nV30Foad^=4D0FLgllXd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>W**YR.kDv?kTe!evxZOf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{?^lW%IQJ=DGh@&,glnR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorlib,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>v~Yw+7RXK?*n7r]K90Xd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>PCwF,UKRl=)zd@Q'%%3G?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>oaxX*et~F@1qEj-wm]ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hXM40zsHQ9T~regpU=Bb?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft_VsaVb,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>ZYT6Y}7@o?kE(HR+=APT?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>vC~AI=2_U=jP1y7`PgEK?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>dxy+{V6B(@+d{@(0_+AQ?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@cscompmgd,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>.[PYtUR-d8WP[=+EL+1O?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>2Y]8C*W[d@g,InfZq=QO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>uqOdb3z0A9nOM3DNwRap?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualC,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>w=KLXB[Xr=7Tk@&xP9mc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>HgVH13*D4=(W~'P?(s2v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e64H(FT9aAe*?nR&Hqu&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>,.idGaf+a@p?-Q++qW2k?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NA^,LBxBWAO8^5,~v&8R?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>kgT}+.%vy?ikM)Pm%j(e?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NLc&){D?)A$1sUX?25sO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$v^BT?)o-=UTn*mAe$WC?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>5FJq?3gMD@zhYonAA7zP?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&n!BoCXqG=-dnT!D_K^F?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>lWHd$@tF]9]5,Sm%4[C+?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Z4gl`yrv7=muBlQnQKLc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aNAK!_!Eo=`)&1S{-9qF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>VM.bWln_GA'bH^9b4zy!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>%$f[5O}U(A5g(F1lojgF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&E8MWjh%YAwnpr?O'Yi%?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C*F%G*9^O@W5=%1gR^8-?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>SksH4=PK%=e-_b0RuAPa?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>fHeMP]gBr8xqs@n2Co?]?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>(GwSNVGT+@7fT)]}SlJ_?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEExecRemote,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>bbB7w3YPI?^u?S_0}W8T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{e[a-{V).94C1..jDAj.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>a+z?fXORD?MQ[Q9IU8rM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>)FaXaBH81?z8.(n5Ifk0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?Apg'v4Ao8k8Bcl_)c@q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.OracleClient,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>LSv0fvZqn=B^x-K9?$ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>E-9C,Ky_,=`o0ZsSt.K4?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$AqI^d@FOAa}lhk6lCx6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>b(NwVxq^D9N$NykQh&F=?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>f8hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>xt?_kV[TL=1YsIA}j8nR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>{C}9ka0NP?[JXZ40*SN&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>i5D~ev8`l@wdOrb7`v%t?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>PfSXn7Q5f=EJFhAo+ACn?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>$~`k].=7g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>b3f0=M]_v9qN2l.yX1$v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>3]9ZToAs[9t@ug]6wx8f?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_lorO!11%@sD?*T9!ctc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Jd75P~mpS?8gy(M-yt}6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@SYSTEM.WINDOWS.FORMS.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>X?WW3GI9p@VZT0tdnz[0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.XML.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>*PY+kd!_!9L@l~SNJb%Q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>,`Zt6!6sAAkxzRXOLa]h?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Yh302W[px=t%@tz2lZq9?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>uwyWzXrpk?,o(App5E9T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>+ly8{x[k}=1pW6*zLygW?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_^&sneG7n?QA~-cZ=ADM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>ti[ZWxsk9AarL!U)GOhV?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorlib.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>W$ns(7iwC@&{o~)}MiTz?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Ivc$vDYb[A%nW6x2Cuk3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>UKXVo05uH?$a7Mh0?lK8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@system.management.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>DO3uPNA+L?xlR41=@so,?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>[vDERFebj?Gv7JQlntpr?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Cg?^mQr!L@a?sU.}rr2.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>G@hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vbe.Interop.Forms,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiForms_PIA>C4O6R%GLs@ysprGAz4eu?t.XHVn-}f(ZXfeAR6.jiForms_PIA>C4O6R%GLs@ysprGAz4eu?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Graph,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiGraph_PIA>~6Q5^Ga-w@2Sn)lr)X{B?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.SmartTag,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiSmartTag_PIA>e{^wB4=&?A{^nsSDeg`!?t.XHVn-}f(ZXfeAR6.jiSmartTag_PIA>e{^wB4=&?A{^nsSDeg`!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Owc11,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jidummy_OWC11_PIA>w-M$2K'.09U(LNnT^^5F?^Y6FVn-}f(ZXfeAR6.jidummy_OWC11_PIA>w-M$2K'.09U(LNnT^^5F?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Office,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiWord_PIA>keY{BC!FC?%3@}W5_!Oa?ol+QVn-}f(ZXfeAR6.jidummy_Office_PIA>keY{BC!FC?%3@}W5_!Oa?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>keY{BC!FC?%3@}W5_!Oa?t.XHVn-}f(ZXfeAR6.jidummy_Office_PIA>keY{BC!FC?%3@}W5_!Oa?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vbe.Interop,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>X.2kG@=8r=omnVtBlW4t?ol+QVn-}f(ZXfeAR6.jidummy_Office_PIA>X.2kG@=8r=omnVtBlW4t?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>X.2kG@=8r=omnVtBlW4t?t.XHVn-}f(ZXfeAR6.jidummy_Office_PIA>X.2kG@=8r=omnVtBlW4t?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscomctl,Version="10.0.4504.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",FileVersion="10.0.4504.0" .]gAVn-}f(ZXfeAR6.jidummy_OWC11_PIA>KA@hzZEP39+P$2)8P=ih?ol+QVn-}f(ZXfeAR6.jidummy_MSCOMCTL_PIA>KA@hzZEP39+P$2)8P=ih?^Y6FVn-}f(ZXfeAR6.jidummy_OWC11_PIA>KA@hzZEP39+P$2)8P=ih?t.XHVn-}f(ZXfeAR6.jidummy_MSCOMCTL_PIA>KA@hzZEP39+P$2)8P=ih?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@ADODB,Version="7.0.3300.00",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.10.2346.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>c)xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@MSDATASRC,Version="7.0.3300.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.0.9466.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>!*xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@stdole,Version="7.0.3300.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.0.9466.0" .]gAVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?t.XHVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?ol+QVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?^Y6FVn-}f(ZXfeAR6.jiVSCommonPIAHidden>_*xOnBb5g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Visio,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>@m=eKqBu0@rurQjcWGlV?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Visio.SaveAsWeb,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>Jo6dD49b[?0jC8WY!qiW?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.VisOcx,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.3216.0" t.XHVn-}f(ZXfeAR6.jiVisio_PIA>h7sy3)bK*@ykc$hdX5Yv?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.MSProject,Version="11.0.0.000000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.2003.816" ^Y6FVn-}f(ZXfeAR6.jiProject_PIA>paNAFIIPZ=9sdELE2'~!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Access,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiAccess_PIA>FLZepab2T=7DZ%Dy4.Pp?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Excel,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiExcel_PIA>h=N(]v='Z8fT~7.nB)gM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Outlook,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiOutlook_PIA>u-~c)SFCu@BEkdumKh?7?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.OutlookViewCtl,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiOutlook_PIA>~y?XTW)u[9(.nxGr6}*q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.PowerPoint,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiPowerPoint_PIA>A*%D8^tU^@r`VP5(u&y)?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Publisher,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiPublisher_PIA>=JF7j5dP3@JrIDRuj1}%?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Office.Interop.Word,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0" .]gAVn-}f(ZXfeAR6.jiWord_PIA>QYH2,E)&^@QK&Mt%QU}u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@dao,Version="10.0.4504.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",FileVersion="10.0.4504.0" .]gAVn-}f(ZXfeAR6.jiAccess_PIA>6O_.hd.s6==YX^M9.,Kb?
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\dot4\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\setup\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\common\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\win9x_me\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\win2k_xp\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\common\drivers\com_os\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\win9x_me\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\ita\drivers\com_lang\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\AiO\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\data\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\hpodcache\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\audio\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\Hewlett-Packard\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\Hewlett-Packard\Memories Disc\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\prgen\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\SHOW\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\SHOW\STYLE\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\SHOW\JS\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\STYLE\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\JS\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\GRAPHICS\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\BROWSE\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\BROWSE\STYLE\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\BROWSE\JS\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\sdkgen\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\coregen\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\xslt\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\graphics\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Memories Disc\pcgen\VIEW\HTML\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{B376402D-58EA-45EA-BD50-DD924EB67A70}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\hp psc 1100 series\help\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Hewlett-Packard\Digital Imaging\hp psc 1100 series\

[Orange]

ciao!
ho visto che sei on-line, percio ti rispondo per primo..

hai il virus Bagle, intanto scarica questo tool
Scaricalo, avvialo, spunta la casella "eliminare automaticamente", e fai la scansione.
riposta il log da C:/InfoSat.txt e quello di GMER( fatto DOPO la passata con il tool. Magari solo della scheda rootkit)

per il log di HJT --- ora gli dò un'occhiata..

[Rei]

niente non è completo nemmeno a 'sto giro.. evidentemente è troppo lungo ed il sistema giustamente si rifiuta!
facciamo così, aspetto vostre indicazioni e magari se vi serve- immagino di sì- vi posto la parte mancante... continuare a postare un log a metà non mi sembra piacevole da vedere, mi giustifica solo il fatto che nell'anteprima c'era tutto...
scusate, ciao

[Orange]

il log di Gmer lo puoi mettere qui.
dopo posta il link dove poterlo scaricare.


EDIT:
dopo aver eliminato Bagle. fai la scansione con il tuo antivirus.
dopo: scarica l'ultima versione di HiJack e posta il log

[Rei]

grazie
intanto procedo con il tool, però volevo dirti che non ho più un antivirus perchè il pc non mi permette di istallarlo...

[Orange]

non è il PC che non te lo permette, ma il Bagle presente...
scarica questo di antivirus--- è free per un'anno, ha il motore Kaspersky e per il momento è il migliore...
l'unica "pecca"-- i tempi lunghissimi di scansione

[Rei]

ecco il log di infosat:

Wed May 02 12:41:38 2007
EliBagle v10.36 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\SIMO\DATI APPLICAZIONI\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\SIMO\DATI APPLICAZIONI\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.36
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed May 02 12:42:39 2007
EliBagle v10.36 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed May 02 12:50:17 2007
EliBagle v10.36 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\


ed ecco il link dove ho caricato l'ultimo log di gmer:

http://www.mytempdir.com/1315887

grazie ancora, a presto

[Rei]

ciao, nuovo problema ...
ho scaricato l'antivirus che mi hai indicato, ho fatto per istallarlo ma mi dice "spazio su disco insufficiente".. io non so più cosa eliminare, ho eliminato un sacco di programmi perchè è un po' che rompe con questa tiritera, non ho neppure più documenti, musica, niente, ho trasferito tutto sulle pen drive... come posso fare la scansione? intanto ti posto il nuovo log di hjt?
ciao

[Rei]

ecco il log di hjt, la versione che mi hai indicato:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.10.03, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\windows\system32\services.exe
C:\WINDOWS\TEMP\znqgaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Simo\Menu Avvio\Programmi\Esecuzione automatica\dslmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Simo\IMPOST~1\Temp\Rar$EX00.779\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tin.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: INSIDE BIKE - {682C4DBF-F7DB-F975-2568-753DC773C736} - C:\PROGRA~1\STYLED~1\once2.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: DogTestGrim - {1B9DB551-C0AE-9D57-5779-556EC6BE0904} - C:\PROGRA~1\STYLED~1\once2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [jefpca.exe] C:\Documents and Settings\Simo\Impostazioni locali\Temp\jefpca.exe
O4 - HKLM\..\Run: [ctfdpfgc] "c:\windows\system32\ctfdpfgc.exe"
O4 - HKLM\..\Run: [znqgaa.exe] C:\WINDOWS\TEMP\znqgaa.exe
O4 - HKLM\..\RunOnce: [ReEXEc] G:\EliBaglA.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: dslmon.exe
O4 - Startup: SAGEM F@st 800-840
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {F84D64E1-4406-45F5-9078-2FDDC98347E9} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170790111705
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe

--
End of file - 6613 bytes

[aris73]

dall'ultimo log di Gmer risulta che hai ancora il Beagle
C:\WINDOWS\system32\hldrrr.exe (*** hidden *** )
hai fatto girare il tool postatoti da Orange assicurandoti che la casella Eliminar Ficheros Automaticamente sia spuntata?

[Rei]

sì era spuntata, mi ha trovato 1 bagle... però quando ha smesso di "lavorare" non si è chiusa in automatico, non so se lo deve fare...l'ho chiusa manualmente e poi ho trovato il log infosat su C..

[Orange]

benedetto IExplorer
ho messo una decina di minuti per scaricare il log (e nel frattempo mi "godevo" la pubblicità di vari casinò boh..) (scusate OT )

Rei
no, EliBaglA non si chiude in automatico, pero, vedo che sono spuntati anche altri processi, che appartengono sempre a Bagle:
wintems, hidrr ....
prova a ripassare ancora una volta il tool
altrimenti procediamo all'eliminazione con un'altro metodo ( e non sarà facile..)

[Rei]

ok ho avviato eli...
che paura
ma poi questa connessione va e viene, come se non bastasse...alice è proprio una sicurezza sì!
a presto

[Rei]

dunque elibagla è terminato e ha trovato 0 ficheros infectados
non mi pare che abbia prodotto alcun log, infosat che ho è delle 12, quindi quello di stamattina...

[Rei]

No! c'era! ma tanto è inutile:

Wed May 02 18:31:26 2007
EliBagle v10.36 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

[holifay]

Ciao Rei, fai un log con questo http://www.suspectfile.com/systemscan
Se il tuo AV ti avverte che systemscan contiene dei virus, disabilita il tuo antivirus temporaneamente

poi carica il log su www.easy-share.com e posta qui il link al file, così possiamo analizzarlo.

Il log ci servirà per la rimozione manuale

[Rei]

fatto!
ecco il link a log di suspectedfile:

http://w13.easy-share.com/1049192.html

[bdoriano]

C'è un bel po di roba da eliminare.
Scarica e installa CCleaner. Usalo per ripulire i files temporanei:
- Avvia il programma
- Opzioni
- Avanzate
- togli il segno di spunta a "Cancella file in Windows Temp solo se più vecchi di 48 ore"
- Cleaner
- Avvia Cleaner

Scarica anche questo e salvalo in una sua cartella.

Riavvia il pc in modalità provvisoria (premi F8 dopo l'avvio del PC, appena ha finito il conteggio della RAM e prima che parta Windows), scegli la modalità provvisoria.

Esegui Esplora risorse
- Strumenti
- Opzioni cartella
- Visualizzazione
- seleziona "Visualizza cartelle e file nascosti"
- togli la spunta a "Nascondi file protetti di sistema"

cancella i seguenti files:
c:\windows\system32\ctfdpfgc.exe
C:\WINDOWS\TEMP\znqgaa.exe
EDIT: C:\Documents and Settings\Simo\Impostazioni locali\Temp\jefpca.exe

edit
dalla cartella C:\WINDOWS\TASKS cancella i seguenti files:
vjetmdg.job
vwe.job
pbh.job
vtflmn.job
cdcshz.job
bmfeyhyq.job
oyvmi.job
akvhitqi.job
rfkit.job
ptopge.job
wlf.job
rhppypap.job
croxrtle.job
auvibdyw.job
zdjtqnl.job
husbqgk.job
tgrztahw.job
biilx.job
wbh.job
ycifkdf.job
rjg.job
lmsevqm.job
qtvgm.job
resfqu.job
qhewc.job

Riavvia il pc normalmente ed esegui Hijack*This, posta qua il log.

[Rei]

ciao bdoriano!
dunque tutto ok fino a che non ho provato a eliminare c:\windows\system32\ctfdpfgc.exe : mi dice "impossibile eliminare: accesso negato"
(C:\WINDOWS\TEMP\znqgaa.exe sono riuscita ad eliminarlo) che posso fare?

gli altri files che mi hai segnalato come faccio a trovarli? io ingenuamente ho provato a inserire qualche nome in "cerca" ma mi risponde che non trova niente...