Blacks84 (Mature god) | Registered: 26/04/07 14:50 | Posts: 2446 | Location: In the country bathed by three seas and drained dry by Tremonti
Posted: 26 Apr 2007 15:25 | Subject: qmgr0.dat

Hi everyone...
At some point I found my PC full of viruses and spyware.
After switching antivirus to F-Secure, which found a fair amount of stuff, I ran several online scans with BitDefender and McAfee and had them remove all the junk.
Despite all that, the PC still seems much slower than before... here is the result of the online scan with Kaspersky:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 24, 2007 11:19:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/04/2007
Kaspersky Anti-Virus database records: 301882
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
H:\
Scan Statistics
Total number of scanned objects 69301
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 02:58:53
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\history.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\key3.db Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Daniel the best!\Dati applicazioni\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Cronologia\History.IE5\MSHist012007042420070425\index.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\5scnjxzr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Temp\Perflib_Perfdata_970.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Temp\Perflib_Perfdata_fb4.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Temp\Perflib_Perfdata_fbc.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\ntuser.dat Object is locked skipped
C:\Documents and Settings\Daniel the best!\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Daniel the best!\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\F-Secure\Anti-Virus\dbupdate.log Object is locked skipped
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Programmi\F-Secure\Anti-Virus\perf.dat Object is locked skipped
C:\Programmi\F-Secure\Common\policy.bpf Object is locked skipped
C:\Programmi\F-Secure\Common\policy.ipf Object is locked skipped
C:\Programmi\F-Secure\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Programmi\F-Secure\FSAUA\program\fsaua.log Object is locked skipped
C:\Programmi\F-Secure\SPAM Control\log\fs_sa_log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7005.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\AVP5FD7.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP5FD8.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP5FDB.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP5FDC.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
There it is; if someone could take a look, maybe these are things that should be removed.

Blacks84 | Posted: 26 Apr 2007 15:29

Reading earlier discussions about this kind of problem, I think these files should be deleted, but it won't let me, not even in safe mode.

bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 26 Apr 2007 17:40

Unfortunately, the log you posted isn't useful.
Proceed as follows:
Quote: | First of all, post a HiJackThis log here: if you don't already have the program, you can download it from here
Extract the contents of the zip file into a permanent folder, not a temporary folder or the desktop, because the program creates a backup folder for the keys it deletes, and it would not be able to do so, or the backup would risk being deleted, if it were installed in a temporary folder!!!
Then proceed as follows:
1. Close all open applications
2. Start HiJackThis
3. Click DO A SYSTEM SCAN AND SAVE LOGFILE
4. Wait for the scan to finish and for a Notepad window (the logfile) to open automatically
5. Copy the ENTIRE contents of the logfile.
6. Paste the resulting log below |

Blacks84 | Posted: 26 Apr 2007 17:45

Here is the HijackThis result:
Logfile of HijackThis v1.99.1
Scan saved at 15.14.12, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.emurayden.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Programmi\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38D54BC1-02C0-455D-AB52-F221D440F68A}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE

bdoriano | Posted: 26 Apr 2007 18:22

I'm not familiar with F-Secure as an antivirus, but it seems to me there are quite a few processes under its name.
Apart from that, I don't see anything unusual in the HijackThis log...
Let's try this:
Quote: | Download and install GMER. After unpacking it, start it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad and paste the log in with Ctrl+V. Save the file.
Then run a scan with GMER from the Autostart tab, following the same procedure as before, except that you tick the "show all" box. |

Blacks84 | Posted: 26 Apr 2007 18:44

While I was waiting for your reply, I was browsing the discussions about the svchost problem, which I also have at PC startup: for about ten minutes the PC is unusable... Following ORANGE's advice, I went to the site http://translate.google.com/translate?hl=it&sl=en&u=http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3DSVCHOST.exe%26hl%3Dit%26rlz%3D1B2GGFB_itIT210IT210
and then ran a scan for svchost errors with Registry Booster, which found a whopping 786 errors, of which only 15 were "fixed".
One step at a time... I'll do what you told me...

gfransb (Demigod) | Registered: 09/02/06 20:41 | Posts: 292 | Location: Bologna
Posted: 26 Apr 2007 18:59

Blacks84 wrote: | While I was waiting for your reply, I was browsing the discussions about the svchost problem, which I also have at PC startup: for about ten minutes the PC is unusable... |
Well, of course, if at startup you are running "extremely useful" applications such as the ATI video card, the Java VM, the sound card, Messenger, etc., etc., and maybe you have little RAM, I'm surprised it even boots...

Blacks84 | Posted: 26 Apr 2007 19:27

Well, actually, with only 512 MB of RAM I think it struggles.

Blacks84 | Posted: 26 Apr 2007 19:30

Done:
Rootkit scan:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-04-26 19:25:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwCreateProcess
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwCreateProcessEx
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwLoadDriver
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwOpenSection
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwRenameKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwSetSystemInformation
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwSuspendProcess
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwSuspendThread
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwSystemDebugControl
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwTerminateProcess
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwTerminateThread
SSDT \??\C:\Programmi\F-Secure\HIPS\fshs.sys ZwWriteVirtualMemory
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82FCEC78
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8235FEB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 82D83380
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 82D83380
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP_POWER [F888A32A] fsndis5.sys
Device \Driver\00000092 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F850EA26] sptd.sys
Device \Driver\00000092 \Device\00000046 IRP_MJ_DEVICE_CHANGE [F8522BD8] sptd.sys
Device \Driver\00000092 \Device\00000046 IRP_MJ_PNP_POWER [F851B54E] sptd.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP_POWER [F888A32A] fsndis5.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E17FCC18
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82FA83F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{38D54BC1-02C0-455D-AB52-F221D440F68A} IRP_MJ_CREATE 82E2BD88
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 82D75D58
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 82D75D58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82E24918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82FA83F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82E24918
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8AFC6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN [F8AFC6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8AFC6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN [F8AFC6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN [F8AFC6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 82E2BD88
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 82E2BD88
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP_POWER [F888A32A] fsndis5.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 82FCEEB0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 82FCEEB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 82D70B18
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [F888A32A] fsndis5.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP_POWER [F888A32A] fsndis5.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82D70B18
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 82D70B18
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 82DCD7F8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 82DCD7F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82FA83F0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 82DAEDA8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82E27760
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 82E27760
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8235FEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82D7FE88
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{856B1CE2-C588-48E2-A510-82C6BE46B7AD}
---- EOF - GMER 1.0.10 ----
The scan on "autostart" with "show all", on the other hand, is the following:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2007-04-26 19:30:45
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CLTNetCnService /*Symantec Lic NetConnect service*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
F-Secure Gatekeeper Handler Starter /*FSGKHS*/@ = "C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe"
FSMA /*F-Secure Management Agent*/@ = "C:\Programmi\F-Secure\Common\FSMA32.EXE"
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media Echo ControlC:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe = C:\Programmi\PCI Audio Applications\Bin\EchoCtrl.exe
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@NWEReboot /*file not found*/ = /*file not found*/
@SpywareBotC:\Programmi\SpywareBot\SpywareBot.exe -boot /*file not found*/ = C:\Programmi\SpywareBot\SpywareBot.exe -boot /*file not found*/
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@ /*file not found*/ = /*file not found*/
@Sony Ericsson PC Suite"C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions = "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
@Emurayden PSX Emulatorc:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe /*file not found*/ = c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe /*file not found*/
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_03\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@ATIPTAatiptaxx.exe /*file not found*/ = atiptaxx.exe /*file not found*/
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@F-Secure Manager"C:\Programmi\F-Secure\Common\FSM32.EXE" /splash = "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
@F-Secure TNB"C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW = "C:\Programmi\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpywareBotC:\Programmi\SpywareBot\SpywareBot.exe -boot /*file not found*/ = C:\Programmi\SpywareBot\SpywareBot.exe -boot /*file not found*/
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@Uniblue Registry Booster2C:\Programmi\Uniblue\RegistryBooster2\RegistryBooster.exe /S = C:\Programmi\Uniblue\RegistryBooster2\RegistryBooster.exe /S
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L
HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Shell Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E62-B078-11d0-89E4-00C04FC9E26E} /*History Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Sony Ericsson Gestione file*/C:\Programmi\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll = C:\Programmi\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Prog |

Blacks84 Dio maturo

Joined: 26/04/07 14:50 Posts: 2446 Location: In the country bathed by three seas and drained dry by Tremonti

Posted: 26 Apr 2007 19:35 Subject:

By the way, I forgot to tell you (maybe it could be relatively important), but when I started the GMER rootkit scan, it froze four times, giving me the classic...
Si è verificato un errore in gmer.exe. L'applicazione verrà chiusa.
Segnalazione del problema a Microsoft
Then on the fifth and last attempt it didn't make any more fuss...

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...

Posted: 26 Apr 2007 20:16 Subject:

I don't see anything abnormal in this log either...
apart from the long list of programs at startup.
The fact that GMER froze several times may be a sign of some unwanted guest, but it could also be due to problems in the registry or in Windows in general.
I would try:
- disabling some of the programs that run at PC startup (you could use Autoruns)
- cleaning the registry
- defragmenting the disk

Blacks84 Dio maturo

Joined: 26/04/07 14:50 Posts: 2446 Location: In the country bathed by three seas and drained dry by Tremonti

Posted: 26 Apr 2007 20:24 Subject:

OK... excuse my ignorance, but how do I do the registry cleanup, or rather, where do I find it? It isn't the same thing as Disk Cleanup, is it?

Blacks84 Dio maturo

Joined: 26/04/07 14:50 Posts: 2446 Location: In the country bathed by three seas and drained dry by Tremonti

Posted: 26 Apr 2007 20:29 Subject:

Anyway, thank you for everything... very kind as always

bdoriano Administrator

Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...

Blacks84 Dio maturo

Joined: 26/04/07 14:50 Posts: 2446 Location: In the country bathed by three seas and drained dry by Tremonti

Posted: 27 Apr 2007 06:29 Subject:

OK... many thanks for everything...