Could you give me a quick check....


Moderators: kadosh, Luke57


Post by andy81 » 01/10/06 20:54

Logfile of HijackThis v1.99.1
Scan saved at 21.51.27, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Andy\Desktop\pippo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 195.72.134.100 http://www.bwin.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {394DD9FB-E742-591F-73A9-AC6C7D6F32EB} - C:\WINDOWS\rwlkk1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AC Milan Alerts] "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ ... 3251d.html
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {AFCF364F-F730-4B1E-B2D5-80F9172FBC44} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {B8634A6E-38D5-4AAE-8708-3F3DB92FF9D0} (NTR Activex 1.0.8) - http://ta.teamsystem.com/inquiero/mod/s ... vex108.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10243-23.exe
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://static.one2one.com/class/webcam2_ie6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B6F82D6-7CB3-4C0E-A8A0-5F7B3C8321AC}: NameServer = 195.130.224.18 195.130.225.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6525D0-1CAB-424F-8C79-A58A4E416327}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\Ctsvccda.exe (file missing)
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programmi\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

Just out of curiosity, thanks everyone!
andy81
Junior User
 
Posts: 14
Joined: 28/09/06 19:12


Post by Luke57 » 01/10/06 21:15

Hi, just out of curiosity ;) I think you are infected with linkoptimizer.
Download this tool from Symantec.
The link to the Symantec fix is this one (176 KB): http://smallbiz.symantec.com/security_r ... 16-4153-99

The result is saved in the file FixLinkopt.log

Post the scan report.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by andy81 » 01/10/06 22:09

Hi Luke, how did you figure that out? Thanks, I'll go and use the link now ;)

Post by andy81 » 01/10/06 23:18

Here is the log:


Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
Failed to acquire SeDebugPrivilege
service: SrvMbq (logon as: .\hbyuK, passed filters)

reg: ...\CLSID\{394DD9FB-E742-591F-73A9-AC6C7D6F32EB}\InprocServer32 (key deleted)
reg: ...\CLSID\{394DD9FB-E742-591F-73A9-AC6C7D6F32EB} (key deleted)
reg: ...\Internet Explorer\URLSearchHooks\{394DD9FB-E742-591F-73A9-AC6C7D6F32EB} (value deleted)
reg: ...\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{394DD9FB-E742-591F-73A9-AC6C7D6F32EB} (key deleted)
C:\WINDOWS\rwlkk1.dll: (deleted)
C:\WINDOWS\system32\bfaa.dll: (deleted)

The scanning procedure was cancelled.


registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionServices (key deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 80910
The number of deleted threat files: 2
The number of threat processes terminated: 0
The number of registry entries fixed: 5

Post by andy81 » 02/10/06 08:23

Everything is OK after the scan with that fix...
Is there anything else, in your opinion? Thanks

Post by Luke57 » 02/10/06 08:45

Hi, download Gmer:
http://www.gmer.net/gmer111.zip
After unpacking it, launch it, go into Advanced by pressing >>>>>>, and select the "Rootkit" tab.
Click "Scan".
Wait for the scan to finish and click "Copy".
Paste the generated log into Notepad (a text file) and save that file.

With the same procedure, run a scan in the Autostart section (tick "show all"), then copy it and paste it into the same text file.

Copy and paste the contents of the text file into a log.

If you can't open the program, let me know.

Post by andy81 » 02/10/06 22:30

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-02 23:29:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 83790C38
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 83790C38
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 83978E48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CREATE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CLOSE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_POWER 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_PNP 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_CREATE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_CLOSE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_POWER 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_SYSTEM_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_PNP 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 839DBC48
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 839DBC48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 83978E48
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 83978E48
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 838E30E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 838E30E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82F82678
ROOTKIT

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82F82678
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82F82678

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----
andy81
Junior User
 
Posts: 14
Joined: 28/09/06 19:12

Posted by andy81 » 02/10/06 22:32

AUTOSTART

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-02 23:31:06
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\Ctsvccda.exe /*file not found*/
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ /*HID Input Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
McAfeeFramework /*Servizio di framework di McAfee*/@ = C:\Programmi\Network Associates\Common Framework\FrameworkService.exe /ServiceStart /*file not found*/
McShield /*Network Associates McShield*/@ = "C:\Programmi\Network Associates\VirusScan\Mcshield.exe"
McTaskManager /*Network Associates Task Manager*/@ = "C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Multi-user Cleanup Service /*Multi-user Cleanup Service*/@ = C:\Programmi\lotus\notes\ntmulti.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\System32\HPZipm12.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SrvMbq /*SrvMbq*/@ = "C:\Programmi\File comuni\System\HqF.exe"
SSDPSRV /*Servizio di rilevamento SSDP*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
WinDefend /*Windows Defender Service*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WmdmPmSN /*Portable Media Serial Number Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTStartupC:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run h?? ???s??? ?\?w? ?w???????w???w4 ??? .??w4 4 TA?s4 ? ? ?&2 ???w???w? ? ? \?? \?? ??? ??? U??w???w\?? \?? ??? ??_ ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 A??s?&2 ?C@ x?? `|?w\?? ??@ /*file not found*/ = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run h?? ???s??? ?\?w? ?w???????w???w4 ??? .??w4 4 TA?s4 ? ? ?&2 ???w???w? ? ? \?? \?? ??? ??? U??w???w\?? \?? ??? ??_ ??? ?C@ \?? \?? ???s? ? \?? ???s\?? ?&2 A??s?&2 ?C@ x?? `|?w\?? ??@ /*file not found*/
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Jet DetectionC:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@ShStatEXE"C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE = "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
@McAfeeUpdaterUI"C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey = "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
@Network Associates Error Reporting Service"C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe" = "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@AC Milan Alerts = "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WINDOW~3\MpShHook.dll = C:\PROGRA~1\WINDOW~3\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Shell Microsoft AutoComplete*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Parser della barra degli indirizzi*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\System32\Audiodev.dll = %SystemRoot%\System32\Audiodev.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\System32\btneighborhood.dll = C:\WINDOWS\System32\btneighborhood.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{EFA24E62-B078-11d0-89E4-00C04FC9E26E} /*History Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE Microsoft AutoComplete*/%SystemRoot%\system32\BROWSEUI.dll = %SystemRoot%\system32\BROWSEUI.dll
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Programmi\Network Associates\VirusScan\shext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Programmi\Network Associates\VirusScan\shext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Programmi\Network Associates\VirusScan\shext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.google.it/

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mctp@CLSID = {d7b95390-b1c5-11d0-b111-0080c712fe82} /*file not found*/
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BE6525D0-1CAB-424F-8C79-A58A4E416327} /*Connessione alla rete locale (LAN) 3*/ >>>
@IPAddress192.168.1.1 = 192.168.1.1
@NameServer195.130.224.18,195.130.225.129 = 195.130.224.18,195.130.225.129
@DefaultGateway192.168.1.254 = 192.168.1.254
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BTTray.lnk = BTTray.lnk

---- EOF - GMER 1.0.11 ----




WHAT DO YOU THINK, LUKE?
andy81
Junior User
 
Posts: 14
Joined: 28/09/06 19:12

Post by Luke57 » 03/10/06 07:59

Hi, download Avenger to your desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvMbq


Files to delete:
C:\Programmi\File comuni\System\HqF.exe



Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually

The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the outcome of the script.

Also run this command:
Start > Run > cmd (type it in the box) > OK
Once the command prompt is open, type exactly:
cd C:\Programmi\File comuni\System------ > press Enter
dir > C:\files.txt------------- > press Enter
Close the prompt, go to C:\ and you should find files.txt. Copy its contents and paste them into a post.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by andy81 » 03/10/06 18:17

OK, first of all thank you very much... but with all these checks you're having me do, it would seem my PC is about to explode at any moment? Thanks again, anyway you're great! :P

Post by andy81 » 03/10/06 18:25

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lhe^ooue

*******************

Script file located at: \??\C:\glubaarg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvMbq deleted successfully.
File C:\Programmi\File comuni\System\HqF.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by andy81 » 03/10/06 18:29

This is the log with cmd!


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lhe^ooue

*******************

Script file located at: \??\C:\glubaarg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvMbq deleted successfully.
File C:\Programmi\File comuni\System\HqF.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by andy81 » 03/10/06 18:30

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: 7CF3-D591

Directory di C:\Programmi\File comuni\System

03/10/2006 19.22 <DIR> .
And this is another one and I don't know what it is, maybe this is the one with CMD!

03/10/2006 19.22 <DIR> ..
14/09/2006 21.21 <DIR> ado
19/08/2004 15.39 81.408 directdb.dll
05/07/2006 12.56 155.136 GzWpqj.exe
14/09/2006 22.37 <DIR> msadc
15/10/2005 02.31 <DIR> MSMAPI
14/09/2006 21.21 <DIR> Ole DB
19/08/2004 15.39 138.240 OlR.exe
17/06/2004 19.55 183.808 uQaWkf.exe
05/07/2006 12.56 95.744 UXSuY.exe
17/03/2006 11.11 510.464 wab32.dll
19/08/2004 15.38 254.976 wab32res.dll
7 File 1.419.776 byte
6 Directory 4.715.286.528 byte disponibili

WAITING TO HEAR FROM YOU... VERY ANXIOUSLY!

Post by Luke57 » 03/10/06 18:41

Hi, run these checks:
Start > Run > control userpasswords2 (type it in the box) > OK

In the User Accounts window, you should have a suspicious account with a random name (besides the usual Administrators and User, Aspnet), something like XYZFG. Note down the account name and delete it (right-click and choose Delete);

Make hidden files and folders visible:

from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files (Recommended)"
Press OK
Go to C:\Documents and Settings, you should find a folder with the same name as the account; delete that too


Open HijackThis, press "Open the Misc Tools section", "Open Uninstall Manager", look for and highlight, if present, Linkoptimizer and/or Connection Services, press "Delete this entry".

Restart Avenger
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\Programmi\File comuni\System\GzWpqj.exe
C:\Programmi\File comuni\System\OlR.exe
C:\Programmi\File comuni\System\uQaWkf.exe
C:\Programmi\File comuni\System\UXSuY.exe
C:\Programmi\File comuni\System

Folders to delete:
C:\Windows\temp



Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually

The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the outcome of the script.

Post a new HijackThis log.

Post by Luke57 » 03/10/06 18:43

Hi, I'm correcting the Avenger script to enter:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\Programmi\File comuni\System\GzWpqj.exe
C:\Programmi\File comuni\System\OlR.exe
C:\Programmi\File comuni\System\uQaWkf.exe
C:\Programmi\File comuni\System\UXSuY.exe

Folders to delete:
C:\Windows\temp

Post by andy81 » 03/10/06 22:14

Here it is!


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bigtidsi

*******************

Script file located at: \??\C:\Documents and Settings\xrbkijdc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\File comuni\System\GzWpqj.exe deleted successfully.
File C:\Programmi\File comuni\System\OlR.exe deleted successfully.
File C:\Programmi\File comuni\System\uQaWkf.exe deleted successfully.
File C:\Programmi\File comuni\System\UXSuY.exe deleted successfully.
Folder C:\Windows\temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
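Added example (not part of the thread and not Avenger's own code): a check that every item of a submitted script has a matching "successfully" line in the posted log, run on the corrected 18:43 script and the 22:14 log. Function names are hypothetical, the success wording is taken from the logs in this thread, and an item without such a line is only reported as unconfirmed.

```python
import re

# Section headers as written in the scripts in this thread, mapped to the
# (object, action) wording the posted Avenger logs use for a completed item.
SECTIONS = {
    "registry values to replace with dummy:": ("Registry value", "replaced with dummy"),
    "registry keys to delete:": ("Registry key", "deleted"),
    "files to delete:": ("File", "deleted"),
    "folders to delete:": ("Folder", "deleted"),
}

# Corrected script from the 18:43 post.
SCRIPT = r"""
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\Programmi\File comuni\System\GzWpqj.exe
C:\Programmi\File comuni\System\OlR.exe
C:\Programmi\File comuni\System\uQaWkf.exe
C:\Programmi\File comuni\System\UXSuY.exe

Folders to delete:
C:\Windows\temp
"""

# The 18:41 script also listed the directory itself under "Files to delete:".
EXTRA = r"C:\Programmi\File comuni\System"
FIRST_SCRIPT = SCRIPT.replace("\nFolders to delete:", EXTRA + "\n\nFolders to delete:")

# Result lines from the 22:14 log.
LOG = r"""
File C:\Programmi\File comuni\System\GzWpqj.exe deleted successfully.
File C:\Programmi\File comuni\System\OlR.exe deleted successfully.
File C:\Programmi\File comuni\System\uQaWkf.exe deleted successfully.
File C:\Programmi\File comuni\System\UXSuY.exe deleted successfully.
Folder C:\Windows\temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
"""


def parse_script(text):
    """Return (object, action, target) for every item in the script."""
    items, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            current = SECTIONS[line.lower()]
            continue
        if current is None:
            raise ValueError(f"item outside any section: {line!r}")
        # The script writes "key | value"; the log writes "key|value".
        target = re.sub(r"\s*\|\s*", "|", line)
        items.append((current[0], current[1], target))
    return items


def unconfirmed(script_text, log_text):
    """Script targets that have no matching 'successfully.' line in the log."""
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    done = {
        line.strip().lower()
        for line in log_text.splitlines()
        if line.strip().lower().endswith("successfully.")
    }
    missing = []
    for obj, action, target in parse_script(script_text):
        expected = f"{obj} {target} {action} successfully.".lower()
        if expected not in done:
            missing.append(target)
    return missing


if __name__ == "__main__":
    print("corrected script:", unconfirmed(SCRIPT, LOG))
    print("18:41 script:    ", unconfirmed(FIRST_SCRIPT, LOG))
```
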

Post by andy81 » 03/10/06 22:34

All OK, 1) that strange account "XYZFG" isn't there!
2) no "link.." or "connection.." program found with HijackThis!

Post by andy81 » 04/10/06 18:10

Is that enough, Luke? :D