
Virus in C:\WINDOWS\system32\drivers


Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sat May 15, 2010 10:07 pm

So far it is flagging about ten files, all located in c:\system volume information\_restore
and one in the folder created by combofix (c:\qoobox\Quarantine\c\windows\system32\drivers\iynqkam.sys.vir )
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sat May 15, 2010 10:10 pm

So far it is flagging about ten files, all located in c:\system volume information\_restore
and one in the folder created by combofix (c:\qoobox\Quarantine\c\windows\system32\drivers\iynqkam.sys.vir )

The ones in c:\system volume information\_restore are in the restore points; just disable it, reboot and re-enable it, creating a new point. The ones in the qoobox folder are the copies of the infected files found by combofix.

But has the scan finished?
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sat May 15, 2010 10:13 pm

It is still scanning.

But when the scan is finished, can I delete the qoobox and combofix folders located in c: ?


Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sat May 15, 2010 10:42 pm

This scan never ends... nothing new detected so far...
Since I already disabled the restore point a couple of reboots ago, could I also manually delete the \_restore folder in c:\system volume information\_restore?

Almost all of the flagged files are there.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sat May 15, 2010 11:10 pm

OK. Scan finished.

The files flagged by the anti-rootkit are the ones I told you about earlier (plus a couple of keygens that I know to be false positives, but which, to be safe, I told it to delete anyway). Now I am rebooting the system (as requested by the anti-rootkit itself).

What do I do? Run some more scans?

Thank you very much

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 1:52 am

So...

I uninstalled some programs I no longer used, cleaned the registry keys with ccleaner, and disabled and re-enabled the restore points.

Avira's anti-rootkit finds a single problem:
---
Results:
Value data mismatch : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Adobe\Bridge CS5\Preferences -> favoritesicons
---
Is it really a problem to be fixed, or a false negative? I searched online, but found no answers about it.

I started Sophos (now I am going to get a couple of hours of sleep, and tomorrow I will post the log). So far it has only found the file sptd.sys in \drivers\, but I read that
it is a file that daemon tools relies on, so it should not be a problem.

Tomorrow I will also run a full scan with malwarebytes and avira antivir.

As "protection" I use avira antivir and comodo personal firewall, plus Spybot Search & Destroy, spywareblaster and malwarebytes.
Do you suggest I change anything in the chain, or is this still fine? (I always keep everything updated, daily).

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 9:09 am

Here I am again.

So: sophos found 3 unknown hidden files:

The first is the one I mentioned yesterday, and it is a file used by daemontools.

The second is the Archicad executable, ArchiCAD.exe.

The third is in a folder where I keep the (DVD) images of 3dsMAX. Specifically, the file is in DVD1\support\vcredist\2005\vcredist_x86.exe

Besides, none of the three is actually hidden.

How do you suggest I proceed?

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sun May 16, 2010 9:48 am

Here I am.

So, first of all I wanted to ask you something..... when avira antirootkit found the first infection, did you delete it?

Now the only thing to do is to check the system thoroughly, even though I think it is clean by now.

Disable the antivirus and disconnect from the network.

Download systemscan.

With systemscan, run only these scans:

- Recent files
- Registry Run Keys
- Services and Drivers
- Master Boot Record

If it seems to hang, do not close it but check it with the task manager; even if it does not appear to be running, wait, it is the program working.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sun May 16, 2010 9:55 am

Before carrying out the operations described in the previous post, uninstall combofix with this tool.

Run it.
Click CleanUp.
When asked to reboot, click YES.

Go to C:\ and delete the qoobox folder if present.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 10:13 am

Stevens, good morning.

I uninstalled ComboFix (and the folder in c: is gone).

When avira reported the first infection to me:

Results:
Value data mismatch : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Adobe\Bridge CS5\Preferences -> favoritesicons

I did not tell it to delete it.

Should I run it again and tell it to remove it?

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sun May 16, 2010 10:17 am

Hi

I was talking about the first scan, when it found the rootkit:

Value data mismatch : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Adobe\Bridge CS5\Preferences -> favoritesicons
Embedded nulls : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}
Hidden value : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B} -> nabjodhgbhkbiccepoekoafbipib
Hidden value : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B} -> malhcajkmkogmnaoocakkcpilj

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 10:22 am

Yes, yes, I told it to delete those at the first scan.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sun May 16, 2010 10:26 am

Without running systemscan (it is quicker), download gmer.

Run it, click >>> and then "autostart" - "scan" - "copy" - open a new text file - paste and save the file.
Then click "rootkit" - "scan" - "copy" - open a new text file - paste and save the file.
Post these two reports as well.

Watch out for entries in red (try to copy them if possible); if you notice reboots, it means it is removing something.
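An added example, not part of the original thread and not GMER's or any poster's own code: a Python triage of a saved GMER autostart report in the layout seen in the report posted later in this thread (section headers ending in `>>>`, standalone `KEY@value = data` lines, `/*file not found*/` markers). The sample report is constructed, and the rule names and the choice of checks are assumptions of this example.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of a GMER autostart report.
# All "Example" names and paths are made up for this illustration.
SAMPLE_REPORT = r"""
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = exampleboot.exe autocheck autochk *

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32\example32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Spooler@ = %SystemRoot%\system32\spoolsv.exe
ExampleSvc@ = C:\Programmi\Example\svc.exe --service /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ExampleTrayC:\Programmi\Example\tray.exe /min = C:\Programmi\Example\tray.exe /min

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.bat@ = "C:\Programmi\Example\wrap.exe" "%1" %*
"""

MISSING = "/*file not found*/"
HIVE = re.compile(r"^HK(LM|CU|CR|U)\\")


class Entry(NamedTuple):
    key: str       # registry key (section header or standalone key)
    name: str      # value, service or extension name; may be empty
    data: str      # command line or DLL, with the missing-file marker removed
    missing: bool  # GMER could not find the target on disk


def parse_autostart(text):
    """Turn the pasted report into Entry tuples (banner lines are skipped)."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None                 # a blank line closes the section
            continue
        if line.endswith(">>>"):
            section = line[:-3].strip()    # "KEY >>>" opens a section
            continue
        if " =" not in line:
            continue                       # banner, e.g. "Autostart scan ..."
        if line.endswith(" ="):            # value with empty data
            left, data = line[:-2], ""
        else:
            left, _, data = line.partition(" = ")
        if section is None:
            if not HIVE.match(left):
                continue
            key, _, name = left.rpartition("@")
        elif left.startswith("@"):
            # Run-style line: "@" + name + data, then " = " + data again.
            key, name = section, left[1:]
            if data and name.endswith(data):
                name = name[: -len(data)]
        else:
            # "Service@ = image path" or "name@DLLName = dll"
            key, name = section, left.rpartition("@")[0] or left
        entries.append(Entry(key, name.replace(MISSING, "").strip(),
                             data.replace(MISSING, "").strip(),
                             MISSING in line))
    return entries


DEFAULT_OPEN = '"%1" %*'   # Windows default open command for these types
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif"}


def triage(entries):
    """Return (rule, entry) pairs worth a manual look; legitimate software
    (defragmenters, PDF tools, drivers) also uses these hooks."""
    findings = []
    for e in entries:
        k, n, d = e.key.lower(), e.name.lower(), e.data
        if e.missing:
            findings.append(("missing-target", e))
        # Default BootExecute only runs autochk at boot.
        if n == "bootexecute" and d.lower() != "autocheck autochk *":
            findings.append(("bootexecute-changed", e))
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        if n == "appinit_dlls" and d:
            findings.append(("appinit-dll", e))
        if k.endswith(r"\winlogon") and n == "shell" and d.lower() != "explorer.exe":
            findings.append(("winlogon-shell", e))
        if (k.rstrip("\\").endswith(r"\software\classes")
                and n in EXEC_EXTS and d != DEFAULT_OPEN):
            findings.append(("exec-handler-changed", e))
    return findings


if __name__ == "__main__":
    for rule, e in triage(parse_autostart(SAMPLE_REPORT)):
        print(f"{rule:22} {e.key} [{e.name}] -> {e.data}")
```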

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 10:29 am

OK. Proceeding.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 11:57 am

Gmer has been working for more than an hour... As soon as it finishes I will post the logs.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 1:58 pm

We are at 3 and a half hours... and it is still scanning... Endless...
So far it has not flagged a single entry in red... (I have not touched any gmer setting, so it is scanning only the c: drive)

Re: Virus in C:\WINDOWS\system32\drivers

Posted by stevens » Sun May 16, 2010 2:47 pm

3 hours is a bit too much; stop the scan and run avira (full scan) after updating it.

Re: Virus in C:\WINDOWS\system32\drivers

Posted by torch » Sun May 16, 2010 3:47 pm

So. I stopped the gmer scan.

I am posting the autostart log (part 1 of 2):

GMER 1.0.15.15281 - http://www.gmer.net
Autostart scan 2010-05-16 16:27:04
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = pdboot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@GinaDLLIWPDGINA.DLL = IWPDGINA.DLL
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
LBTWlgn@DLLName = c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32\acaptuser32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ABBYY.Licensing.FineReader.Professional.9.0@ = E:\Scanner\abbyy\NetworkLicenseServer.exe -service
AntiVirScheduler@ = "C:\Programmi\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "C:\Programmi\Avira\AntiVir Desktop\avguard.exe"
Apple Mobile Device@ = "C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
ArcGIS License Manager@ = C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
ArchVision Content Manager Service@ = C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "C:\Programmi\ArchVision\ArchVision Content Manager" /*file not found*/
ASTCC@ = C:\WINDOWS\system32\astsrv.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Bonjour Service@ = C:\Programmi\Bonjour\mDNSResponder.exe
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
BthServ@ = %SystemRoot%\system32\svchost.exe -k bthsvcs
clr_optimization_v4.0.30319_32@ = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
cmdAgent@ = "E:\Sicurezza\Comodo\COMODO Internet Security\cmdagent.exe"
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
EvtEng@ = C:\Programmi\Intel\WiFi\bin\EvtEng.exe
gupdate@ = "C:\Programmi\Google\Update\GoogleUpdate.exe" /svc
hasplms@ = C:\WINDOWS\system32\hasplms.exe -run
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ@ = %SystemRoot%\System32\svchost.exe -k netsvcs
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
mi-raysat_3dsmax2010_32@ = E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
mi-raysat_3dsmax2011_32@ = E:\Architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe
MNSFramework@ = C:\WINDOWS\system32\MNSFramework.exe /start
MSSQL$SQLEXPRESS@ = "C:\Programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
Nero BackItUp Scheduler 4.0@ = C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
NICCONFIGSVC@ = C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
NVIDIA Performance Driver Service@ = "C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
PDAgent@ = E:\Manutenzione\PerfectDisk\PDAgent.exe
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RegSrvc@ = C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
RichVideo@ = "C:\Programmi\CyberLink\Shared Files\RichVideo.exe" ??????????????????????????????????????????????????
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
S24EventMonitor@ = C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
SamSs@ = %SystemRoot%\system32\lsass.exe
SCardSvr@ = %SystemRoot%\System32\SCardSvr.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
SQLWriter@ = "C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe"
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WDDMService@ = "C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
WDSmartWareBackgroundService@ = "C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe"
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
WLANKEEPER@ = C:\Programmi\Intel\WiFi\bin\WLKeeper.exe
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WudfSvc@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@SigmatelSysTrayApp%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe /*file not found*/ = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe /*file not found*/
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@AdobeCS4ServiceManager"C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin = "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
@COMODO Internet Security"E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe" -h = "E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe" -h
@Dell QuickSetC:\Programmi\Dell\QuickSet\Quickset.exe = C:\Programmi\Dell\QuickSet\Quickset.exe
@LVCOMSC:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE = C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
@GrooveMonitor"E:\Sistema\Office\Office12\GrooveMonitor.exe" = "E:\Sistema\Office\Office12\GrooveMonitor.exe"
@Acrobat Assistant 8.0"E:\AdobeAcrobatPro\Acrobat\Acrotray.exe" = "E:\AdobeAcrobatPro\Acrobat\Acrotray.exe"
@avgnt"C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min = "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
@Kernel and Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@AppleSyncNotifierC:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe = C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
@NVHotkeyrundll32.exe nvHotkey.dll,Start = rundll32.exe nvHotkey.dll,Start
@QuickTime Task"E:\Players\Quicktime\QTTask.exe" -atboottime = "E:\Players\Quicktime\QTTask.exe" -atboottime
@IntelZeroConfig"C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe" = "C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe"
@IntelWireless"C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray = "C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
@iTunesHelper"E:\Audio\iTunes\iTunesHelper.exe" = "E:\Audio\iTunes\iTunesHelper.exe"
@AdobeAAMUpdater-1.0"C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" = "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
@AdobeCS5ServiceManager"C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin = "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
@Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@Adobe ARM"C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" = "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /installquiet = nwiz.exe /installquiet
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@DAEMON Tools"E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033 = "E:\Masterizzazione\DAEMON Tools\daemon.exe" -lang 1033
@i8kfanguiC:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup = C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
@Google Update"C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c = "C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
@Gadwin PrintScreen ProC:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash /*file not found*/ = C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash /*file not found*/
@MNSC:\Programmi\Mobile Net Switch\MNS.exe = C:\Programmi\Mobile Net Switch\MNS.exe
@ISUSPM"C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler = "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%Systemroot%\system32\webcheck.dll = %Systemroot%\system32\webcheck.dll
@SysTray%systemroot%\system32\stobject.dll = %systemroot%\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "E:\Architettura\Ecotect\ScriptManager.exe" "%1"
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}E:\Sistema\Office\Office12\GrooveShellExtensions.dll = E:\Sistema\Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
I have now launched Avira (updated).

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 3:48 pm

part 2 of 2

tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} /*Connessione rete senza fili 8*/ >>>
@IPAddress192.168.1.9 = 192.168.1.9
@NameServer208.67.222.222,208.67.220.220 = 208.67.222.222,208.67.220.220
@DefaultGateway192.168.1.1 = 192.168.1.1

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.11 = 192.168.1.11
@NameServer212.216.112.112,212.216.172.62 = 212.216.112.112,212.216.172.62
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll
000000000005@LibraryPath = C:\Programmi\Bonjour\mdnsNSP.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\TRH\Menu Avvio\Programmi\Esecuzione automatica = Widget vodafone.lnk

---- EOF - GMER 1.0.15 ----
torch
Senior Member

Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sun May 16, 2010 3:52 pm

I am also attaching the partial log of the GMER rootkit scan (no entry was highlighted in red):


part 1 of 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 16:04:26
Windows 5.1.2600 Service Pack 3
Running: 2i5uh70u.exe; Driver: C:\DOCUME~1\TRH\IMPOST~1\Temp\pxdiipog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF25F8BCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF25F81AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF25F8832]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF25F808C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF25FA05C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF25FA2F4]
SSDT F67E922C ZwCreateThread
SSDT F67E923B ZwDeleteKey
SSDT F67E9245 ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF25F7A84]
SSDT sptd.sys ZwEnumerateKey [0xF6003FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF6004340]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF25F9CDE]
SSDT F67E924A ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF25F842E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF25F8A0E]
SSDT F67E9218 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF25F86BE]
SSDT F67E921D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF6004418]
SSDT sptd.sys ZwQueryValueKey [0xF6004298]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF25F9712]
SSDT F67E9254 ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF25FA63A]
SSDT F67E924F ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF25F9A7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF25F8DB2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF25F9E8C]
SSDT F67E9240 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF25F83C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF25F85B2]
SSDT F67E9227 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF25F7E24]
SSDT \WINDOWS\system32\TUKERNEL.EXE (Sistema e kernel NT/Microsoft Corporation) ZwCreateKey [0xE0B65FEC]
SSDT \WINDOWS\system32\TUKERNEL.EXE[unknown section] [E0B65FEC] ZwCreateKey [0xE0B65FEC]
SSDT \WINDOWS\system32\TUKERNEL.EXE (Sistema e kernel NT/Microsoft Corporation) ZwOpenKey [0xE0B65FF1]
SSDT \WINDOWS\system32\TUKERNEL.EXE[unknown section] [E0B65FF1] ZwOpenKey [0xE0B65FF1]

INT 0x03 \WINDOWS\system32\TUKERNEL.EXE[unknown section] E0B65FFB
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F0F1216D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F0F11FC2
INT 0x62 ? FCF5F33C
INT 0x63 ? FC0B9974
INT 0x73 ? FCF8B90C
INT 0x74 ? FC0B1BEC
INT 0x82 ? FCF13954
INT 0x83 ? FCD3E444
INT 0x84 ? FC0B8BEC
INT 0x93 ? FC0BF044
INT 0x94 ? FC0CCBEC
INT 0xA3 ? FC0BFBEC
INT 0xA4 ? FCD20044
INT 0xB1 ? FD0462DC
INT 0xB4 ? FC17A4F4

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5979360, 0x24CB0D, 0xE8000020]
.text USBPORT.SYS!DllUnload F552A8AC 5 Bytes JMP FCFC01C8
? System32\Drivers\a8fani5g.SYS Impossibile trovare il percorso specificato. !
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xF0C73000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xF0CC8224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xF0CC8000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xF0A02400, 0x6E1B2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF0A8C220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF0A8C220]
.protectÿÿÿÿhardlockunknown last code section [0xF0A8C000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xF0A8C000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text E:\Sicurezza\Comodo\COMODO Internet Security\cmdagent.exe[1840] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0040F950 E:\Sicurezza\Comodo\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 0050DF00 E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text E:\Internet\Firefox\firefox.exe[4948] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 E:\Internet\Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F5FFEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F5FFEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F5FFEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F5FFF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F5FFF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F601429A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5E73740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5E73780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5E736E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5E737B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [00617290] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618130] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00618170] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [006182E0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [00617B10] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00617F50] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [00617670] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00617D20] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [00617240] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00617700] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00617C60] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [006172D0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [00618060] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [006180D0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [006180B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00617E40] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [006174C0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617530] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [006173B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00617290] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [00618250] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618200] E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT E:\Sicurezza\Comodo\COMODO
torch
Senior Member

Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising