Torna indietro   Hardware Upgrade Forum > Networking e sicurezza > Antivirus e Sicurezza > Aiuto sono infetto! Cosa faccio?
Ricarica la Pagina HiJackThis - Analisi Log - leggere Regole di Sezione

iPhone 17 Pro: più di uno smartphone. È uno studio di produzione in formato tascabile
iPhone 17 Pro: più di uno smartphone. È uno studio di produzione in formato tascabile
C'è tanta sostanza nel nuovo smartphone della Mela dedicato ai creator digitali. Nuovo telaio in alluminio, sistema di raffreddamento vapor chamber e tre fotocamere da 48 megapixel: non è un semplice smartphone, ma uno studio di produzione digitale on-the-go
Intel Panther Lake: i processori per i notebook del 2026
Intel Panther Lake: i processori per i notebook del 2026
Panther Lake è il nome in codice della prossima generazione di processori Intel Core Ultra, che vedremo al debutto da inizio 2026 nei notebook e nei sistemi desktop più compatti. Nuovi core, nuove GPU e soprattutto una struttura a tile che vede per la prima volta l'utilizzo della tecnologia produttiva Intel 18A: tanta potenza in più, ma senza perdere in efficienza
Intel Xeon 6+: è tempo di Clearwater Forest
Intel Xeon 6+: è tempo di Clearwater Forest
Intel ha annunciato la prossima generazione di processori Xeon dotati di E-Core, quelli per la massima efficienza energetica e densità di elaborazione. Grazie al processo produttivo Intel 18A, i core passano a un massimo di 288 per ogni socket, con aumento della potenza di calcolo e dell'efficienza complessiva.
Le sonde spaziali ESA ExoMars e Mars Express hanno osservato la cometa interstellare 3I/ATLAS
Roscosmos: static fire per i propulsori RD-171 MV dedicati al razzo spaziale russo Soyuz-5
Alcune partite NBA saranno trasmesse in formato immersivo per Apple Vision Pro
Intel Core 13000 e 14000 aumentano ufficialmente di prezzo: rincari fino al 20% in Giappone
Gemini sta per arrivare in Google Maps: l'app sarà ancora più comoda da usare
2 minuti per vedere le 27 offerte imperdibili su Amazon per questo weekend: offerte per tutte le tasche
Ray-Ban Meta Display: tecnologia sorprendente, ma riparabilità nulla secondo iFixit
Un mini PC a prezzo stracciato, non cercate altro: Ryzen 5, 16GB di RAM e 512GB di SSD a 160€, offerta a tempo
Al via i coupon nascosti di ottobre: qualche esempio di veri affari, ma sono decine di migliaia le nuove promozioni
Ferrari Elettrica si aggiorna solo in officina, nessun update OTA per gli utenti
Doppio sconto sugli smartphone top Xiaomi 15T e 15T Pro con fotocamere by Leica: ora si parte da 549€, in regalo 2 accessori da 130€
Tutti gli articoli Tutte le news

Vai al Forum
Pagina 201 di 733 « Prima < 101 151 191 197 198 199 200 201 202 203 204 205 211 251 301 701 > Ultima »
Rispondi
 
Strumenti
Old 07-11-2006, 20:44   #4001
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
gromozon removal tool mi dice questo :
The Trojan.Gromozon rootkit component was not found on the system.
Do you wish to continue anyway ?

quindi io dico no...ho provato anche ad andare avanti quindi mi fa riavviare e poi nn succede nulla....

questo lo faccio sempre in mod. provvisoria ??
questo è indifferente..
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 21:16   #4002
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
allora :
eliminate quelle chiavi...con hijackthis
poi
in servizi connessioni ci sono un casino di servizi di rete e sistema locale, ma ho beccato anche il possibile problema, c'è una voce che si chiama .\OUrNkcZShjVt faccio proprietà ed esce avvia automatico, inutile dire che non me lo fa disabilitare (nemmeno in provvisoria).
lo genera un certo file copio il percorso "C:\Programmi\File comuni\System\ibL.exe" in quella cartella system ce ne sono altri di file strani... alcuni sn riuscito a cancellarli ma questo ibl.exe anche rinominandolo non và via !! ho provato anche killbox facendo remove on rebot....

come faccio ???

ma soprattutto come succedono ste cose ??
ho il mio bel antivirus l'antispyware zone alarm
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 21:41   #4003
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
allora :
eliminate quelle chiavi...con hijackthis
poi
in servizi connessioni ci sono un casino di servizi di rete e sistema locale, ma ho beccato anche il possibile problema, c'è una voce che si chiama .\OUrNkcZShjVt faccio proprietà ed esce avvia automatico, inutile dire che non me lo fa disabilitare (nemmeno in provvisoria).
lo genera un certo file copio il percorso "C:\Programmi\File comuni\System\ibL.exe" in quella cartella system ce ne sono altri di file strani... alcuni sn riuscito a cancellarli ma questo ibl.exe anche rinominandolo non và via !! ho provato anche killbox facendo remove on rebot....

come faccio ???

ma soprattutto come succedono ste cose ??
ho il mio bel antivirus l'antispyware zone alarm
Allora innanzitutto quei file possono cambiare ad ogni reboot, quindi ogni volta devi controllare nei servizi se il nome del file cambia. Tu hai provato a rinominarlo, riavviare e cancellarlo dopo il reboot? Non a rinominarlo e a cancellarlo subito..
Quindi in generale ogni volta che provi parti sempre da services, e guarda il nome nome del file su cui devi lavorare.
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 21:53   #4004
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
si ho rinominato riavviato riprovato a cancellare ma mi dice impossibile il disco è pieno
stessa cosa da modalità provvisoria

in services mi dice che il file eseguibile è sempre lo stesso.... cioè quello di partenza... ora xò ha un nome diverso!

il servizio si chiama NetRco lo stato non è su avviato cmq....
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
Ultima modifica di TuLKaS85 : 07-11-2006 alle 21:55.
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 21:56   #4005
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
si ho rinominato riavviato riprovato a cancellare ma mi dice impossibile il disco è pieno
stessa cosa da modalità provvisoria
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

prova con questo tool. Lo esegui, e selezioni il file in questione.
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:05   #4006
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
Quote:
Originariamente inviato da bReAkDoWn
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

prova con questo tool. Lo esegui, e selezioni il file in questione.

ok il tool lo ha eliminato.... ora sn andato in services ed ho disabilitato quello incriminato.... ora ?? (leggendo cosa avrebbe dovuto fare quella voce, diceva ke si occupava del ripristino della conf. di sistema...)

se provo a cancellare le cartelle che ad ogni riavvio ricompaiono dovrei avere successo stavolta ??
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:15   #4007
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
ok il tool lo ha eliminato.... ora sn andato in services ed ho disabilitato quello incriminato.... ora ?? (leggendo cosa avrebbe dovuto fare quella voce, diceva ke si occupava del ripristino della conf. di sistema...)

se provo a cancellare le cartelle che ad ogni riavvio ricompaiono dovrei avere successo stavolta ??
Adesso dovresti ricontrollare in services il nome del servizio, aprire un prompt dei comandi (start menu -> esegui -> cmd) e digitare sc delete nomeservizio

Poi riavviare e verificare che: in services.msc non siano ricomparsi servizi con nomi casuali nel campo connessione.
Fare un log con hijackthis e magari ripostarlo qua.
Scaricare gmer (www.gmer.net) e fare due log: rootkit e autostart e incollarli qua come per hijackthis.
Poi siamo vicini alla fine
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:27   #4008
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
il servizio incrimintao è saprito dopo il riavvio..... ecco il log hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 23.25.54, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\SpamWeed\spamweed.exe
C:\Programmi\SpamWeed\swengine.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fabio\Desktop\setup_2006\hijackthis1991\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Hotplug] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpamWeed.lnk = C:\Programmi\SpamWeed\spamweed.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ARCGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:32   #4009
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
il servizio incrimintao è saprito dopo il riavvio.....
Il log è pulito. Controlla se quelle cartelle ricompaiono o meno, poi se vuoi controllare più approfonditamente fai i log con gmer, altrimenti aspetta e vedi se si presentano altri sintomi nei prossimi giorni. A te la scelta, ciao!
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:38   #4010
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
autostart con GMER (per il rootkit devo copiare tutto il casino che è uscito al termine della scansione ????):

GMER 1.0.12.11889 - http://www.gmer.net
Autostart scan 2006-11-07 23:36:48
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
ARCGIS License Manager /*ARCGIS License Manager*/@ = C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ /*HID Input Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
matlabserver /*MATLAB Server*/@ = C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
sfrem01 /*SF FrontLine Drivers Auto Removal (v1)*/@ = %SystemRoot%\system32\sfrem01.exe svc
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc /*Acquisizione di immagini di Windows (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HotplugC:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe = C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
@SiSRaidC:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe = C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
@SoundMAXPnPC:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
@SoundMAX"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
@Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@NWEReboot /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\system\ole db\oledb32.dll = C:\Programmi\File comuni\system\ole db\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{6B19FEC2-A45B-11CF-9045-00A0C9039735} /*Registered ActiveX Controls*/C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL
@{D545EBD1-BD92-11CF-8772-00A0C9039735} /*Developer Studio Components*/C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
SpamWeed.lnk = SpamWeed.lnk

---- EOF - GMER 1.0.12 ----
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:42   #4011
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
cavoli che log esagerato, nn penso ke nessuno si metterà a controllarlo mai !!
spero di aver copiato la cosa giusta... cmq ora stacco domani come dico di solito mi tocca svegliare il gallo !!

grazie ancora !!
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 07-11-2006, 22:49   #4012
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
autostart con GMER (per il rootkit devo copiare tutto il casino che è uscito al termine della scansione ????):
---
Di solito non viene enorme. Controlla che l'opzione "show all" non sia selezionata e prova a rifare la scansione chiudendo tutte le applicazioni aperte ed evitando di fare qualsiasi cosa finchè non sia terminata. Poi posta il risultato sul forum, se entra in un messaggio
__________________
Without Contraries is no Progression...
Ultima modifica di bReAkDoWn : 07-11-2006 alle 23:29.
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 14:47   #4013
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
ecco il log dell'autostart con gmer ....

GMER 1.0.12.11889 - http://www.gmer.net
Autostart scan 2006-11-08 15:46:08
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
ARCGIS License Manager /*ARCGIS License Manager*/@ = C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
matlabserver /*MATLAB Server*/@ = C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
sfrem01 /*SF FrontLine Drivers Auto Removal (v1)*/@ = %SystemRoot%\system32\sfrem01.exe svc
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HotplugC:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe = C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
@SiSRaidC:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe = C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
@SoundMAXPnPC:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
@SoundMAX"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
@Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@NWEReboot /*file not found*/ = /*file not found*/
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{6B19FEC2-A45B-11CF-9045-00A0C9039735} /*Registered ActiveX Controls*/C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL
@{D545EBD1-BD92-11CF-8772-00A0C9039735} /*Developer Studio Components*/C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = C:\Programmi\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c} = C:\Programmi\GlobalSCAPE\CuteFTP\Cuteshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
SpamWeed.lnk = SpamWeed.lnk

---- EOF - GMER 1.0.12 ----
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 14:48   #4014
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
per l'analisi del rootkit ho inserito tutte le partizioni e spuntato (come di default) tutte le voci :

Codice:
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-08 15:54:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwClose
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwConnectPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwCreateFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwCreateKey
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwCreatePagingFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwCreateProcess
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwCreateProcessEx
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwCreateSection
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwDeleteFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwDeleteKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwDeleteValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwDuplicateObject
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwEnumerateKey
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwEnumerateValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwLoadKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwOpenFile
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwOpenKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwOpenProcess
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwOpenThread
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwQueryKey
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwQueryValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwReplaceKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwRequestWaitReplyPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwRestoreKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwSecureConnectPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwSetInformationFile
SSDT    a347bus.sys                                                                                                                                                                                                                                                                                                                                                   ZwSetSystemPowerState
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwSetValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                                                                                                                                                                                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text   ntoskrnl.exe!ZwYieldExecution + 13B                                                                                                                                                                                                                                                                                                                           804E4FFC 8 Bytes 
.text   ntoskrnl.exe!ZwYieldExecution + 177                                                                                                                                                                                                                                                                                                                           804E5038 8 Bytes 

---- Devices - GMER 1.0.12 ----

Device  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                                                                                                                                                                                                                                                                                            8679F290
Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_READ                                                                                                                                                                                                                                                                                                                     86562AA0
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                        [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                         [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                                [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                       [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                       [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                       [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                        [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                               [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                      [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                      [B7AE8230] vsdatant.sys
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                                                                                                                                                                                                                                                                                      86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                                           86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                                             86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                       86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                   86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                                              86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                   86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                                           86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                                              86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                                             86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                               86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                                 86275B48
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                                       86275B48
Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ                                                                                                                                                                                                                                                                                                                  863A5F88
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ                                                                                                                                                                                                                                                                                                                      86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                                           86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                                             86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                                    86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                                         86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                       86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                   86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                                  86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                                              86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                   86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                                           86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                                              86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                                     86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                            86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                                             86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                               86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                                 86275B48
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                                       86275B48
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ                                                                                                                                                                                                                                                                                                                86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                 86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                         86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                           86275D08
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                                 86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ                                                                                                                                                                                                                                                                                                                86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                 86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                         86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                           86275D08
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                                 86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_READ                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                    86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                    86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                  86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ                                                                                                                                                                                                                                                                                                       86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                     86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                          86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                        86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                    86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                   86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                    86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                            86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                               86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER                                                                                                                                                                                                                                                                                                      86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                             86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                              86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                  86275D08
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP                                                                                                                                                                                                                                                                                                        86275D08
Device  \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ                                                                                                                                                                                                                                                                                                              85D77CD0
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                       [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                        [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                               [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                      [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                      [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                                     [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                      [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                             [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                    [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                                    [B7AE8230] vsdatant.sys
Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ                                                                                                                                                                                                                                                                                                 86321AD8
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                               [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                                [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                       [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                              [B7AE8230] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                              [B7AE8230] vsdatant.sys
Device  \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ                                                                                                                                                                                                                                                                                                       86321AD8
Device  \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ                                                                                                                                                                                                                                                                                                                863A2E90
Device  \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ                                                                                                                                                                                                                                                                                                                 863A19D8
Device  \Driver\SiSRaid2 \Device\Scsi\SiSRaid21 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                        8679E668
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                                              86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                                          86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ                                                                                                                                                                                                                                                                                                           86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                                          86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                                              86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                                                86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                                       86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                                                  86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                       86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                                              86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                            86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                                                 86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                                        86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                                       86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                                                   86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                                        86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                                                86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                                                 86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                                                   86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER                                                                                                                                                                                                                                                                                                          86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                                                 86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                                                  86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                                                    86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                                      86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP                                                                                                                                                                                                                                                                                                            86006E38
Device  \Driver\SiSRaid2 \Device\Scsi\SiSRaid21Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                   8679E668
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE                                                                                                                                                                                                                                                                                    86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE                                                                                                                                                                                                                                                                                     86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_READ                                                                                                                                                                                                                                                                                      86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE                                                                                                                                                                                                                                                                                     86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION                                                                                                                                                                                                                                                                           86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA                                                                                                                                                                                                                                                                                  86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA                                                                                                                                                                                                                                                                                    86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS                                                                                                                                                                                                                                                                             86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                                                                                                                                                  86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                                                                                                                                                    86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                                                                                                                                                         86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                                                                                                                                                       86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL                                                                                                                                                                                                                                                                            86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                                                                                                                                                   86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN                                                                                                                                                                                                                                                                                  86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL                                                                                                                                                                                                                                                                              86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP                                                                                                                                                                                                                                                                                   86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT                                                                                                                                                                                                                                                                           86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY                                                                                                                                                                                                                                                                            86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY                                                                                                                                                                                                                                                                              86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER                                                                                                                                                                                                                                                                                     86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL                                                                                                                                                                                                                                                                            86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE                                                                                                                                                                                                                                                                             86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA                                                                                                                                                                                                                                                                               86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA                                                                                                                                                                                                                                                                                 86006E38
Device  \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP                                                                                                                                                                                                                                                                                       86006E38
Device  \FileSystem\Fastfat \Fat IRP_MJ_READ                                                                                                                                                                                                                                                                                                                          86562AA0
Device  \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ                                                                                                                                                                                                                                                                                                862B0148
Device  \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ                                                                                                                                                                                                                                                                                                 862B0148
Device  \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ                                                                                                                                                                                                                                                                                                     862B0148
Device  \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ                                                                                                                                                                                                                                                                                                  862B0148
Device  \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ                                                                                                                                                                                                                                                                                                 862B0148
Device  \FileSystem\Cdfs \Cdfs IRP_MJ_READ                                                                                                                                                                                                                                                                                                                            8636C9E0

---- Modules - GMER 1.0.12 ----

Module  _________                                                                                                                                                                                                                                                                                                                                                     F776B000

---- Files - GMER 1.0.12 ----

ADS     C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE                                                                                                                                                                                                                                                                                           
ADS     C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\miryvip@hotmail.it\SharingMetadata\veshaj@hotmail.it\DFSR\Staging\CS{4B644863-A00E-7CB5-69AB-221F3EC938FF}\01\10-{4B644863-A00E-7CB5-69AB-221F3EC938FF}-v1-{F34975D2-EF18-4B6C-A79E-8087628FCF2F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS  

---- EOF - GMER 1.0.12 ----
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
Ultima modifica di TuLKaS85 : 08-11-2006 alle 14:55.
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 14:52   #4015
bordo83
Member
 
L'Avatar di bordo83
 
Iscritto dal: Oct 2006
Messaggi: 151
Quote:
Originariamente inviato da bReAkDoWn
Confermo quello che gli avevi detto tu:

inetnum: 85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine

quelli andavano assolutamente fixati.
Ciao!
Non volevo mettere in dubbio il vostro aiuto,non mi permetterei mai data la mia ridotta conoscenza di HiJack.Cmq anche inserendo i dns di alice 4 mega funziona.Peccato che il mio problema di ricerca su google persista...nella sezione "immagini" ho notato che non mi reindirizza su strani siti,in quella "web" ai primi 4-5 tentativi si.Ciaoo
bordo83 è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 17:33   #4016
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da TuLKaS85
per l'analisi del rootkit ho inserito tutte le partizioni e spuntato (come di default) tutte le voci :
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE ADS C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\miryvip@hotmail.it\SharingMetadata\veshaj@hotmail.it\DFSR\Staging\CS{4B644863-A00E-7CB5-69AB-221F3EC938FF}\01\10-{4B644863-A00E-7CB5-69AB-221F3EC938FF}-v1-{F34975D2-EF18-4B6C-A79E-8087628FCF2F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Ci sono questi due ads (è come se fossero file "nascosti" dentro ad altri file) che sono rimasti. Quello chiamato 2A81F9CE puoi toglierlo, l'altro non so cosa sia.
Il programma per gestirli è http://www.merijn.org/programs.php#adsspy
Devi fare una scansione selezionando solo l'opzione di mezzo (Ignore system info ecc.)
2A81F9CE rimuovilo e basta, mentre prova a cliccare con il dx sull'altro e guardane il contenuto le per vedere se all'interno ci fossero informazioni comprensibili. Altrimenti puoi salvarlo (prima view, poi save to disk) e darlo in pasto ad analizzatori online tipo www.virustotal.com

Cmq già a questo punto il tuo sistema dovrebbe essere pulito da infezioni attive, queste sono soltanto "rifiniture".
Hai notato se la velocità di navigazione è tornata come prima?
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 17:39   #4017
barboon
Member
 
Iscritto dal: Jun 2006
Messaggi: 151
ho un file sospettto
Che faccio, devo cancellare il file sospetto?
qui il log hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16.04.52, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\DOCUME~1\barboon\IMPOST~1\Temp\pgpr1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\DOCUME~1\barboon\IMPOST~1\Temp\Rar$EX00.297\RMClock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\barboon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [pgpr1.exe] C:\DOCUME~1\barboon\IMPOST~1\Temp\pgpr1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RMClock] C:\DOCUME~1\barboon\IMPOST~1\Temp\Rar$EX00.297\RMClock.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SysRit - Unknown owner - C:\DOCUME~1\barboon\IMPOST~1\Temp\30.tmp (file missing)
barboon è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 17:42   #4018
bReAkDoWn
Senior Member
 
L'Avatar di bReAkDoWn
 
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
Quote:
Originariamente inviato da bordo83
Non volevo mettere in dubbio il vostro aiuto,non mi permetterei mai data la mia ridotta conoscenza di HiJack.Cmq anche inserendo i dns di alice 4 mega funziona.Peccato che il mio problema di ricerca su google persista...nella sezione "immagini" ho notato che non mi reindirizza su strani siti,in quella "web" ai primi 4-5 tentativi si.Ciaoo
Ciao bordo83, non preoccuparti, io perlomeno non mi sono sentito affatto messo in dubbio; quella sui dns era una verifica che abbiamo fatto io e FoxyLady. Quindi veniamo al problema. Se hai ancora problemi di reindirizzamento, vediamo di indagare un pò più a fondo. Dovresti:

Scaricare gmer (www.gmer.net) e fare due scansioni: rootkit e autostart, copiare i risultati (gmer ha direttamente il pulsante copy) e incollarli in un messaggio qua sul forum. Assicurati che in entrambe le scansioni NON sia selezionata l'opzione show all. Infine, mentre fai la scansione rootkit non utilizzare il pc e chiudi tutte le applicazioni che puoi.
__________________
Without Contraries is no Progression...
bReAkDoWn è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 17:50   #4019
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
Quote:
Originariamente inviato da bReAkDoWn
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE ADS C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\miryvip@hotmail.it\SharingMetadata\veshaj@hotmail.it\DFSR\Staging\CS{4B644863-A00E-7CB5-69AB-221F3EC938FF}\01\10-{4B644863-A00E-7CB5-69AB-221F3EC938FF}-v1-{F34975D2-EF18-4B6C-A79E-8087628FCF2F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Ci sono questi due ads (è come se fossero file "nascosti" dentro ad altri file) che sono rimasti. Quello chiamato 2A81F9CE puoi toglierlo, l'altro non so cosa sia.
Il programma per gestirli è http://www.merijn.org/programs.php#adsspy
Devi fare una scansione selezionando solo l'opzione di mezzo (Ignore system info ecc.)
2A81F9CE rimuovilo e basta, mentre prova a cliccare con il dx sull'altro e guardane il contenuto le per vedere se all'interno ci fossero informazioni comprensibili. Altrimenti puoi salvarlo (prima view, poi save to disk) e darlo in pasto ad analizzatori online tipo www.virustotal.com

Cmq già a questo punto il tuo sistema dovrebbe essere pulito da infezioni attive, queste sono soltanto "rifiniture".
Hai notato se la velocità di navigazione è tornata come prima?
scusami quale programma da quel sito devo prendere ?? ibprocman ??
cmq sembra un pò + veloce il browser , xò vedo una cosa strana...sarà xkè ho troppi programmi installati, ho un casino di processi attivi e il task manager non è stabile nel dire l'utilizzo della cpu oscilla sempre 2-3-4 % mentre diciamo che di solito era inchiodato sull'1% o quasi....
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Old 08-11-2006, 18:00   #4020
TuLKaS85
Senior Member
 
L'Avatar di TuLKaS85
 
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
ho fatto una ricerca con ads spy ma ha trovato solo il primo ads....
l'ho eliminato come suggeritomi...
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2
TuLKaS85 è offline   Rispondi citando il messaggio o parte di esso
Pagina 201 di 733 « Prima < 101 151 191 197 198 199 200 201 202 203 204 205 211 251 301 701 > Ultima »
 Rispondi

« Discussione precedente | Discussione successiva »

iPhone 17 Pro: più di uno smartphone. È uno studio di produzione in formato tascabile iPhone 17 Pro: più di uno smartphone. &Eg...
Intel Panther Lake: i processori per i notebook del 2026 Intel Panther Lake: i processori per i notebook ...
Intel Xeon 6+: è tempo di Clearwater Forest Intel Xeon 6+: è tempo di Clearwater Fore...
4K a 160Hz o Full HD a 320Hz? Titan Army P2712V, a un prezzo molto basso 4K a 160Hz o Full HD a 320Hz? Titan Army P2712V,...
Recensione Google Pixel Watch 4: basta sollevarlo e si ha Gemini sempre al polso Recensione Google Pixel Watch 4: basta sollevarl...
Le sonde spaziali ESA ExoMars e Mars Exp...
Roscosmos: static fire per i propulsori ...
Alcune partite NBA saranno trasmesse in ...
Intel Core 13000 e 14000 aumentano uffic...
Gemini sta per arrivare in Google Maps: ...
2 minuti per vedere le 27 offerte imperd...
Ray-Ban Meta Display: tecnologia sorpren...
Un mini PC a prezzo stracciato, non cerc...
Al via i coupon nascosti di ottobre: qua...
Ferrari Elettrica si aggiorna solo in of...
Doppio sconto sugli smartphone top Xiaom...
Samsung è sempre più prota...
ChatGPT ha pregiudizi politici? Ecco cos...
Un solo iPhone rubato ha portato alla sc...
Xiaomi 17 Ultra sta arrivando: ecco come...
Chromium
GPU-Z
OCCT
LibreOffice Portable
Opera One Portable
Opera One 106
CCleaner Portable
CCleaner Standard
Cpu-Z
Driver NVIDIA GeForce 546.65 WHQL
SmartFTP
Trillian
Google Chrome Portable
Google Chrome 120
VirtualBox
Tutti gli articoli Tutte le news Tutti i download

Strumenti

Regole
Non Puoi aprire nuove discussioni
Non Puoi rispondere ai messaggi
Non Puoi allegare file
Non Puoi modificare i tuoi messaggi
Il codice vB è On
Le Faccine sono On
Il codice [IMG] è On
Il codice HTML è Off
Vai al Forum


Tutti gli orari sono GMT +1. Ora sono le: 23:09.

Contattaci - Hardware Upgrade - Archivio - Note sulla Privacy - Su

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Served by www3v