Olimpo Informatico, the Zeus News forums
Could you analyze my log file?

fabulas
Hero in the grace of the gods
Registered: 27/12/07 16:56
Posts: 116

Posted: 27 Dec 2007 17:05    Subject: Could you analyze my log file?

Hello to all the users of the forum.
I have not managed to delete the 010 files in any way, can you help me? Thanks...
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Cyberlink\PowerCinema\PCMService.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Saitek\Software\Profiler.exe
C:\Programmi\Saitek\Software\SaiSmart.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\winlirc.exe
C:\Programmi\ATITool\ATITool.exe
C:\Programmi\girder\Girder.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avant Browser\avant.exe
C:\Documents and Settings\RICCARDO E ALBERTO\Impostazioni locali\Temporary Internet Files\Content.IE5\D9KYD47H\FixBargainbuddy[1].exe
C:\Programmi\Outlook Express\msimn.exe
D:\setup\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazzetta.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Cyberlink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Programmi\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programmi\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AC Milan Alerts] "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ATITool.lnk = C:\Programmi\ATITool\ATITool.exe
O4 - Startup: Girder3.lnk = C:\Programmi\girder\Girder.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 - Global Startup: winlirc.exe
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista pubblicità indesiderata - C:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri in una nuova sessione di Avant Browser - C:\Programmi\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Apri tutti i collegamenti in questa pagina - C:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti da questo server - C:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca - C:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Evidenzia in questa pagina - C:\Programmi\Avant Browser\Highlight.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.guidapraticaalcomputer.it
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5619E5E-98C0-47A2-AE71-4FD8020ED930}: NameServer = 210.22.70.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 27 Dec 2007 17:27

Hi fabulas,

The HijackThis log is incomplete (the header with the HijackThis version, the operating system in use, the Service Pack level, etc. is missing)

Also download LSPFix and unzip it into its own folder.
Start LSPFix
some entries should appear in the Remove window
tick I know what I'm doing
Click Finish
Restart the PC and make a new HijackThis log

PS: if you like, you can introduce yourself here

fabulas
Posted: 27 Dec 2007 17:46

The header is this:
Logfile of HijackThis v1.99.1
Scan saved at 16.38.53, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)



In Lsp-Fix nothing appears in the Remove box, while in the Keep box there are 5 files...
what do I do?

Sante62
Mature god
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Dec 2007 19:37

Can you describe which files appear? They probably don't need to be removed..

fabulas
Posted: 27 Dec 2007 19:49

This is how the program appears to me:


Sante62
Posted: 27 Dec 2007 19:58

It seems to me that these are not the files to delete.
Let's try this:
Download Spybot Search & Destroy; you can also find it at www.filehippo.com.
Start it and update it using the Search for updates button;
Once it shows you the updates, make sure they are all selected and click the Download updates button at the top. Afterwards you can also run the immunization. Finally, disconnect from the internet and start the scan of the PC. It will find some problems; make sure they are selected and click Fix problems
Once that is done, continue like this:
Go to Start -->> Run -->> type cmd and click OK

-At the command prompt type netsh Winsock reset and click OK
When you get a message like "reimpostazione catalogo Winsock completata" you will have to reboot;

-After the reboot go to the prompt again and this time type netsh int ip reset reset.log and press Enter;

-Winsock should now be reset

PS: carry out these operations with all other applications closed and the antivirus disabled.

fabulas
Posted: 27 Dec 2007 20:06

I have already used Spybot. I ran the scan and fixed the files, but right afterwards the internet no longer worked, so I had to do a System Restore.
Since Spybot gave me these problems, can I go straight to the command prompt as you told me to do?

Sante62
Posted: 27 Dec 2007 20:15

Yes... ;)
However, I advise you to run the Spybot scan first, and then carry out the other steps.

fabulas
Posted: 27 Dec 2007 20:44

I did those steps but then the internet no longer worked for me... now I have changed something, I don't even know what, and it is working... but why did the internet stop working?
Now I have manually deleted the file rlls.dll, which it would not let me delete before.

Sante62
Posted: 27 Dec 2007 20:57

Because these steps had to be carried out after the Spybot scan. Did you do it correctly?
Sante62 wrote:

Go to Start -->> Run -->> type cmd and click OK

-At the command prompt type netsh Winsock reset and click OK
When you get a message like "reimpostazione catalogo Winsock completata" you will have to reboot;

-After the reboot go to the prompt again and this time type netsh int ip reset reset.log and press Enter;

-Winsock should now be reset

PS: carry out these operations with all other applications closed and the antivirus disabled.

Now attach an HJT log and in the meantime do these steps:
Scan with GMER
Remember that there are two GMER logs: Autostart and Rootkit

fabulas
Posted: 27 Dec 2007 21:00

Yes, but Spybot had fixed the files but the internet no longer worked, like now. Now I have deleted the file rlls.dll; did I do the right thing or should it not have been deleted?

fabulas
Posted: 27 Dec 2007 21:17

this is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19.58.30, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Cyberlink\PowerCinema\PCMService.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Saitek\Software\Profiler.exe
C:\Programmi\Saitek\Software\SaiSmart.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\winlirc.exe
C:\Programmi\ATITool\ATITool.exe
C:\Programmi\girder\Girder.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Avant Browser\avant.exe
C:\Programmi\MSN Messenger\usnsvc.exe
D:\setup\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazzetta.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Cyberlink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Programmi\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programmi\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AC Milan Alerts] "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ATITool.lnk = C:\Programmi\ATITool\ATITool.exe
O4 - Startup: Girder3.lnk = C:\Programmi\girder\Girder.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 - Global Startup: winlirc.exe
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista pubblicità indesiderata - C:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri in una nuova sessione di Avant Browser - C:\Programmi\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Apri tutti i collegamenti in questa pagina - C:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti da questo server - C:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca - C:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Evidenzia in questa pagina - C:\Programmi\Avant Browser\Highlight.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.guidapraticaalcomputer.it
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5619E5E-98C0-47A2-AE71-4FD8020ED930}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
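
Added example, not part of the post above or of anyone's reply in this thread: a short Python script that compares two HijackThis logs and reports which Winsock LSP files (O10) are gone and which adapter's NameServer value (O17) changed between scans. The sample lines are excerpted from the two logs posted in this thread; the function names are hypothetical, and only the O10 "Winsock LSP:" line form seen here is handled.

```python
import re
from collections import Counter

# Lines excerpted from the two HijackThis logs posted in this thread:
# the first scan, and the scan made after rlls.dll had been deleted.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5619E5E-98C0-47A2-AE71-4FD8020ED930}: NameServer = 210.22.70.3
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5619E5E-98C0-47A2-AE71-4FD8020ED930}: NameServer = 85.37.17.50 85.38.28.76
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O10 - ..."
LSP_RE = re.compile(r"Winsock LSP: (.+)$", re.IGNORECASE)
NS_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")


def parse_entries(log):
    """Return [(section, text)] for each 'Xn - text' line. The header,
    the running-process list and blank lines do not match and are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def lsp_files(entries):
    """Count how often each file is listed in an O10 Winsock LSP entry.
    One DLL normally shows up once per catalog entry it is chained into."""
    counts = Counter()
    for section, text in entries:
        m = LSP_RE.search(text) if section == "O10" else None
        if m:
            counts[m.group(1).strip().lower()] += 1
    return counts


def nameservers(entries):
    """Map adapter GUID -> list of DNS servers taken from O17 entries."""
    servers = {}
    for section, text in entries:
        m = NS_RE.search(text) if section == "O17" else None
        if m:
            servers[m.group(1).upper()] = re.split(r"[,\s]+", m.group(2).strip())
    return servers


def compare(before_log, after_log):
    """Summarise what differs between two scans of the same machine."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    lsp_b, lsp_a = lsp_files(before), lsp_files(after)
    dns_b, dns_a = nameservers(before), nameservers(after)
    return {
        # LSP files listed in the first scan but absent from the second
        "lsp_gone": sorted(set(lsp_b) - set(lsp_a)),
        # LSP files HijackThis still does not recognise after the cleanup
        "lsp_remaining": sorted(lsp_a),
        # adapters whose DNS servers differ: GUID -> (before, after)
        "dns_changed": {
            guid: (dns_b.get(guid, []), dns_a.get(guid, []))
            for guid in sorted(set(dns_b) | set(dns_a))
            if dns_b.get(guid) != dns_a.get(guid)
        },
        # every other entry that vanished or appeared, without duplicates
        "removed": list(dict.fromkeys(e for e in before if e not in after)),
        "added": list(dict.fromkeys(e for e in after if e not in before)),
    }


if __name__ == "__main__":
    for key, value in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

The script only reports what differs between the two scans; whether a changed NameServer or a vanished LSP file is legitimate still has to be judged against the machine's known-good configuration.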

fabulas
Posted: 27 Dec 2007 21:18

this is the GMER autostart log:

GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-12-27 20:04:03
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * lsdelete /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice /*Ad-Aware 2007 Service*/@ = "C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
BthServ /*Bluetooth Support Service*/@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CyberLink Media Library Service /*CyberLink Media Library Service*/@ = "C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Diskeeper /*Diskeeper*/@ = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe"
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Netman /*Connessioni di rete*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "C:\Programmi\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@zzzHPSETUPF:\Setup.exe = F:\Setup.exe
@Share-to-Web Namespace DaemonC:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe = C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
@ISUSPM StartupC:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start = "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" = "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
@PCMService"C:\Programmi\Cyberlink\PowerCinema\PCMService.exe" = "C:\Programmi\Cyberlink\PowerCinema\PCMService.exe"
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
@GrooveMonitor"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
@DiskeeperSystray"C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@CanonSolutionMenuC:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon = C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
@CanonMyPrinterC:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon = C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@ProfilerC:\Programmi\Saitek\Software\Profiler.exe = C:\Programmi\Saitek\Software\Profiler.exe
@SaiSmartC:\Programmi\Saitek\Software\SaiSmart.exe = C:\Programmi\Saitek\Software\SaiSmart.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@AC Milan Alerts"C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe" = "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{553858A7-4922-4e7e-B1C1-97140C1C16EF}C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}(null) =
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\system\ole db\oledb32.dll = C:\Programmi\File comuni\system\ole db\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\Programmi\iColorFolder\CMExt.dll = C:\Programmi\iColorFolder\CMExt.dll
@{0D6D4F41-2994-4ba0-8FEF-620E43CD2812} /*IE Microsoft Internet Toolbar*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980} /*Explorer Travel Band*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F} /*Explorer Search Band*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{DE011590-0531-4804-9C9C-3FEDC7E6E5C8} /*IE &Address*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{7E48925F-FF5C-47fa-A99A-F5912A10623B} /*IE Address EditBox*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7EDC7DE1-DD42-457a-8B36-B422F8E94E14} /*IE Shell DeskBar*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F0353E1D-FEEC-474e-A984-1E5C6865E380} /*IE Global Folder Settings*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{DBC04CF4-BE36-4f53-9C48-2D3625CA7694} /*IE Thumbnail Image*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{482A7CB3-2EDF-4595-A315-A5244F1E96E6} /*IE Search Control*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{0B1818A2-EA07-4a55-AF57-1F410EBD21D3} /*Favorites Band*/%SystemRoot%\system32\ieframe.dll = %SystemRoot%\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office12\msohevi.dll = C:\Programmi\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*Bluetooth Neighborhood*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} /*VPCHostCopyHook*/C:\Programmi\Connectix\Connectix Virtual PC Trial\VPCShExH.DLL = C:\Programmi\Connectix\Connectix Virtual PC Trial\VPCShExH.DLL
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\Programmi\iColorFolder\CMExt.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
SnagItMainShellExt@{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programmi\TechSmith\SnagIt 8\SnagItShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0\bin\ssv.dll = C:\Programmi\Java\jre1.6.0\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\Aquarium.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.gazzetta.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = C:\WINDOWS\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5A30839F-6ECF-494D-A9B8-DE02740FC2F2} /*Connessione alla rete locale (LAN) 10*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000030@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000031@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000032@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000033@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000034@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000035@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000036@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000037@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000038@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000039@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000040@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000041@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000042@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll

C:\Documents and Settings\RICCARDO E ALBERTO\Menu Avvio\Programmi\Esecuzione automatica >>>
ATITool.lnk = ATITool.lnk
Girder3.lnk = Girder3.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
QuickTV.lnk = QuickTV.lnk
winlirc.exe = winlirc.exe

C:\WINDOWS\win.iniload = C:\TCWIN45\PIPELINE\remind.exe

---- EOF - GMER 1.0.13 ----
fabulas
Hero in the gods' favor

Registered: 27/12/07 16:56
Posts: 116

Posted: 27 Dec 2007 21:40

Here is the rootkit one:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-27 20:31:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\SPTD9485.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo.

---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\MSN Messenger\msnmsgr.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10002860 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1408] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 10002890 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1408] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\PROGRA~1\WINZIP\winzip32.exe[2932] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003D2860 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\PROGRA~1\WINZIP\winzip32.exe[2932] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 003D2890 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Documents and Settings\RICCARDO E ALBERTO\Impostazioni locali\Temp\wzd930\gmer.exe[3648] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10002860 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Documents and Settings\RICCARDO E ALBERTO\Impostazioni locali\Temp\wzd930\gmer.exe[3648] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 10002890 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Programmi\Avant Browser\avant.exe[3896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10002860 C:\Programmi\ATITool\ATITOOLHOOKS.dll
.text C:\Programmi\Avant Browser\avant.exe[3896] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 10002890 C:\Programmi\ATITool\ATITOOLHOOKS.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F771ADB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F773071E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F771B3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F771B2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F771B482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F771B482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F771B3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F771B2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7730032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F771AF6E] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7730864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F771FF78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7730864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F772FC76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F770D020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F770D020] sptd.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [A7BD36DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [A7BD41C5] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoRead [A7BD42C2] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoWrite [A7BD43BF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [A7BD44BC] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [A7BD4599] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoLock [A7BD4676] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [A7BD477C] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [A7BD486D] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [A7BD4942] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [A7BD4B25] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [A7BD4BCB] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [A7BD4D1C] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [A7BD4DF9] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlRead [A7BD4ED4] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlReadComplete [A7BD4FC5] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [A7BD508F] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [A7BD5180] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryOpen [A7BD5614] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [A7BD57B8] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [A7BD5882] LF30XP.sys

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7DBD404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7DBD404] avg7rsw.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_NAMED_PIPE [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_INTERNAL_DEVICE_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_MAILSLOT [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_SECURITY [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_SECURITY [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_POWER [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SYSTEM_CONTROL [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CHANGE [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_QUOTA [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_QUOTA [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP [A7BD36DF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoCheckIfPossible [A7BD41C5] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoRead [A7BD42C2] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoWrite [A7BD43BF] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoQueryBasicInfo [A7BD44BC] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoQueryStandardInfo [A7BD4599] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoLock [A7BD4676] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockSingle [A7BD477C] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAll [A7BD486D] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAllByKey [A7BD4942] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom FastIoQueryNetworkOpenInfo [A7BD4D1C] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom AcquireForCcFlush [A7BD57B8] LF30XP.sys
Device \FileSystem\Fastfat \FatCdrom ReleaseForCcFlush [A7BD5882] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_CLOSE [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_READ [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [A7BD36DF] LF30XP.sys
Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [A7BD36DF] LF30XP.sys
fabulas
Eroe in grazia degli dei

Registered: 27/12/07 16:56
Posts: 116

Posted: 27 Dec 2007 21:42

I have posted all three logs... let me know
Sante62
Dio maturo

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Dec 2007 22:12

fabulas wrote:
Yes, but Spybot had fixed the files, but the internet no longer worked the way it does now. Now I have deleted the file rlls.dll; did I do the right thing, or should it not have been deleted?

Yes, it can be deleted; it also showed up in the LSPFix screen and I didn't notice it. Anyway, if the internet works fine, let's move on.
The HJT log contains this line; if you don't recognize it, select it and then press Fix Checked, answering yes.
Quote:
O4 - Global Startup: winlirc.exe

The GMER logs should be uploaded to www.freefilehosting.net; to do that, reread the guide if needed.
fabulas
Eroe in grazia degli dei

Registered: 27/12/07 16:56
Posts: 116

Posted: 27 Dec 2007 22:20

Yes, I know that file, I installed it myself....
In the meantime, thank you for helping me remove that file...
I have a problem with MSN: basically the connection drops every minute. Could you tell me what causes it? Thanks
Sante62
Dio maturo

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Dec 2007 22:57

It's not easy for me to say. Let's finish cleaning up the PC and then see how it goes.
fabulas
Eroe in grazia degli dei

Registered: 27/12/07 16:56
Posts: 116

Posted: 27 Dec 2007 22:58

Ah, OK... what should I do now?
Sante62
Dio maturo

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Dec 2007 23:02

This:
Sante62 wrote:

The GMER logs should be uploaded to www.freefilehosting.net; to do that, reread the guide if needed.
All times are GMT + 2 hours
Page 1 of 4