So, after the automatic reboot from fixlinkopt, avast found the virus again...
I did everything as you said,
these are the logs:
This is the output from the rootkit Removal tool:
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\AJEEMV.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\cGyyKO.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\KHXtc.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\pLq.exe
Removing protected file: C:\Programmi\File comuni\Microsoft Shared\TmpTTi.exe
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\fywb1.exe
>>>Error: File C:\WINDOWS\Temp\fywb1.exe could not be removed - it will be removed on the next reboot.
Trojan.Gromozon Removed!
This is the log from the other one:
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: LogSll (logon as: .\BQs, passed filters)
service: LogSll (file path: C:\Programmi\File comuni\Microsoft Shared\Ira.exe - infected)
file: C:\Programmi\File comuni\Microsoft Shared\Ira.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\LogSll (key deleted)
reg: ...\SpecialAccounts\UserList\BQs (value deleted)
folder: \\?\C:\Documents and Settings\BQs (deleted)
user: BQs (deleted)
C:\WINDOWS\iexplore32.dll: (deleted)
C:\WINDOWS\Temp\_avast4_\unp126678474.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp17738423.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp217637443.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp248836080.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp260051452.tmp: (deleted)
C:\WINDOWS\Temp\_avast4_\unp98692063.tmp: (deleted)
Trojan.Linkoptimizer has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 125005
The number of deleted threat files: 8
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1
The tool initiated a system reboot.
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
This is the log of the first scan with GMER rootkit:
GMER 1.0.11.11390 -
http://www.gmer.net
Rootkit 2006-10-27 23:17:32
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
---- Devices - GMER 1.0.11 ----
---- Registry - GMER 1.0.11 ----
Reg \Registry\USER\S-1-5-21-776561741-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x8A 0xA8 0x83 0x99 ...
Reg \Registry\USER\S-1-5-21-776561741-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x48 0x85 0x58 0xAD ...
---- Files - GMER 1.0.11 ----
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS ...
ADS ...
---- EOF - GMER 1.0.11 ----
This is the second one, from Autostart:
GMER 1.0.11.11390 -
http://www.gmer.net
Autostart 2006-10-27 23:18:32
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@Logitech Hardware Abstraction Layer"C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE" = "C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE"
@ /*file not found*/ = /*file not found*/
@Kernel and Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@HP Software UpdateC:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe = C:\Drivers\Stampante HP\HP Software Update\HPWuSchd2.exe
@NWEReboot /*file not found*/ = /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@fywb1.exeC:\WINDOWS\TEMP\fywb1.exe /*file not found*/ = C:\WINDOWS\TEMP\fywb1.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\kbcplext.dll = C:\Programmi\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\mcplext.dll = C:\Programmi\Logitech\SetPoint\mcplext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Utility\Nero BackItUp\NBShell.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Utility\Nero BackItUp\NBShell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{14D1A72D-8705-11D8-B120-0040F46CB696}C:\Documents and Settings\Daniele\10256424.dll = C:\Documents and Settings\Daniele\10256424.dll
@{53707962-6F74-2D53-2644-206D7942484F}G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll = G:\DANIEL~1\ISTALL~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.fastweb.it/myfastpage/res/ = http://www.fastweb.it/myfastpage/res/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk
---- EOF - GMER 1.0.11 ----