Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Connessione wireless

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Connessione wireless

Messaggioda fanale » sab nov 17, 2007 11:26 pm

Ciao ragazzi, io ho una connessione wireless protetta da password e da un paio di giorni che sembra come se ci fosse qualcun altro connesso, è mi capita che si aprissero pagine con siti che io non ho cliccato. Secondo voi c'è collegato qualcun altro ho c'è un virus? Fatemi sapere GRAZIE [^]
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » dom nov 18, 2007 7:33 am

prova a postare un log di hijackthis...

cambia anche la password della rete... [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » dom nov 18, 2007 11:03 am

La password l'ho già cambiata. Questo è il log di hijakthis fatemi sapere GRAZIE. [^]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.51.34, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Programmi\Acer\Acer eMode Management\AspireService.exe
C:\Programmi\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Glass2k\Glass2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\yod'm 3d\Yodm3D.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fastweb.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi_Media_Italy toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Multi_Media_Italy toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Programmi\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programmi\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKLM\..\Run: [Glass2k] C:\Programmi\Glass2k\Glass2k.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Programmi\yod'm 3d\Yodm3D.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam03.deg.net/activex/AMC.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11633 bytes
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)


Messaggioda ste_95 » dom nov 18, 2007 11:08 am

il log non evidenzia backdoor ne keylogger...

hai un firewall?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » dom nov 18, 2007 4:31 pm

Si ho Zonealarm come firewall, penso che sia buono vero? [uhm]
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » dom nov 18, 2007 4:42 pm

si....il fatto è che quindi hai qualcosa nel computer...oppure hai un hacker molto astuto sotto casa tua... [bleh]

scarica gmer e posta i logs delle sezioni autostart e rootkit
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » dom nov 18, 2007 10:47 pm

Si forse hai ragione perche se facci una ricerca reti trovo altre connessioni wireless di cui una non protetta, e se mi collego non c'è rete dicendomi rete assente. Io penso che sia lui. Questo è i logs di rootkit, quello di autostart non riesco ne a salvarlo ne a copiarlo.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-18 18:13:59
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 88DBB238

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B8E8F454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B38FFFE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B38FFBEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B39003D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B390067A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B390067A] amon.sys

Device \FileSystem\Fastfat \Fat IRP_MJ_READ 88738778

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B8E8F454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B8E8F1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B8E82F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B38FFFE2] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B38FFBEC] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B39003D4] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B390067A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B390067A] amon.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5CB6C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B8D820F0] kl1.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5CB6C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B8D820F0] kl1.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5CB6C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [B8D820F0] kl1.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CB6C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5CB6C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [B8D820F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [B8D820F0] kl1.sys

---- Modules - GMER 1.0.13 ----

Module _________ B8ED0000-B8EE8000 (98304 bytes)

---- Threads - GMER 1.0.13 ----

Thread 4:164 88D3E8E0
Thread 4:168 88D3E8E0
Thread 4:172 88D178D0
Thread 4:176 88D178D0
Thread 4:180 88D178D0
Thread 4:468 88D3E8E0
Thread 4:596 88D3E8E0
Thread 4:792 88D3E8E0

---- EOF - GMER 1.0.13 ----
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » lun nov 19, 2007 7:07 am

il rootkit è pulito... che problmei hai con l'altro?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » lun nov 19, 2007 11:50 pm

Non riesco ha postare il logs di autostart perché non c'è la voce save come al rootkit, anche selezionandolo tutto e poi cliccando col tasto destro non esce copia, incolla, ecc.. Come posso fare? Fammi sapere [^]
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » mar nov 20, 2007 6:59 am

a destra dovresti avere un tastino copy....e poi lo incolli nel blocco note [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » mar nov 20, 2007 10:49 am

Scusami non ci riuscivo [acc2] , te ne posto 2 perché posso dare la spunta a show all. Questa è quella senza spunta:
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-11-20 10:37:36
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostvistaui.exe = vistaui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2AntiMalware /*a-squared Anti-Malware Service*/@ = "C:\Programmi\a-squared Anti-Malware\a2service.exe"
Acer Media Server /*Acer Media Server*/@ = "C:\Programmi\Acer\Acer eConsole\MediaServerService.exe"
AcerMemUsageCheckService /*Memory Check Service*/@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
CLCapSvc /*CyberLink Background Capture Service (CBCS)*/@ = "C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe" ??|? ?c& ? ? ?? ? ? ??? /??|? ??& ¹
CLSched /*CyberLink Task Scheduler (CTS)*/@ = "C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe" M \ K e r n e l \ T V \ C L C a p S v c . e x e ’|
CyberLink Media Library Service /*CyberLink Media Library Service*/@ = "C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe"
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
sp_rssrv /*Spyware Terminator Realtime Shield Service*/@ = C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LaunchAppAlaunch = Alaunch
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@ntiMUIc:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe = c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@MSPY2002C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
@Acer Empowering Technology MonitorC:\WINDOWS\system32\SysMonitor.exe = C:\WINDOWS\system32\SysMonitor.exe
@AspireServiceC:\Programmi\Acer\Acer eMode Management\AspireService.exe = C:\Programmi\Acer\Acer eMode Management\AspireService.exe
@MediaSyncC:\Programmi\Acer\Acer eConsole\MediaSync.exe = C:\Programmi\Acer\Acer eConsole\MediaSync.exe
@PCMService"C:\Program Files\Acer TV-FM\PCMService.exe" = "C:\Program Files\Acer TV-FM\PCMService.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Lexmark X1100 Series"C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" = "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@ZoneAlarm Client"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
@a-squared"C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60 = "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
@SpywareTerminator"C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" = "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
@LClockC:\Programmi\LClock\LClock.exe = C:\Programmi\LClock\LClock.exe
@Glass2kC:\Programmi\Glass2k\Glass2k.exe = C:\Programmi\Glass2k\Glass2k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@Yodm3DC:\Programmi\yod'm 3d\Yodm3D.exe = C:\Programmi\yod'm 3d\Yodm3D.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{BB7DF450-F119-11CD-8465-00AA00425D90} /*Microsoft Access Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\soa800.dll = C:\Programmi\Microsoft Office\Office\soa800.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Anti-Malware Shell Extension*/C:\Programmi\a-squared Anti-Malware\a2contmenu.dll = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a-squared Anti-Malware Shell Extension@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2e6f36ce-1217-4ba1-982f-24560c0eb677}C:\Programmi\Multi_Media_Italy\tbMult.dll = C:\Programmi\Multi_Media_Italy\tbMult.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\Aquarium.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://global.acer.com = http://global.acer.com
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://fastweb.it/portale/?benvenuto= = http://fastweb.it/portale/?benvenuto=
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

C:\Documents and Settings\Fanale\Menu Avvio\Programmi\Esecuzione automatica = Stardock ObjectDock.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Acer Empowering Technology.lnk = Acer Empowering Technology.lnk
Acer WLAN 11g USB Dongle.lnk = Acer WLAN 11g USB Dongle.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
LG SyncManager.lnk = LG SyncManager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.13 ----
--------------------------------------------------------------------------------------------
Questa è con la spunta:
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-11-20 10:37:36
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostvistaui.exe = vistaui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2AntiMalware /*a-squared Anti-Malware Service*/@ = "C:\Programmi\a-squared Anti-Malware\a2service.exe"
Acer Media Server /*Acer Media Server*/@ = "C:\Programmi\Acer\Acer eConsole\MediaServerService.exe"
AcerMemUsageCheckService /*Memory Check Service*/@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
CLCapSvc /*CyberLink Background Capture Service (CBCS)*/@ = "C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe" ??|? ?c& ? ? ?? ? ? ??? /??|? ??& ¹
CLSched /*CyberLink Task Scheduler (CTS)*/@ = "C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe" M \ K e r n e l \ T V \ C L C a p S v c . e x e ’|
CyberLink Media Library Service /*CyberLink Media Library Service*/@ = "C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe"
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
LexBceS /*LexBce Server*/@ = C:\WINDOWS\system32\LEXBCES.EXE
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
sp_rssrv /*Spyware Terminator Realtime Shield Service*/@ = C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LaunchAppAlaunch = Alaunch
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@ntiMUIc:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe = c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@MSPY2002C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
@Acer Empowering Technology MonitorC:\WINDOWS\system32\SysMonitor.exe = C:\WINDOWS\system32\SysMonitor.exe
@AspireServiceC:\Programmi\Acer\Acer eMode Management\AspireService.exe = C:\Programmi\Acer\Acer eMode Management\AspireService.exe
@MediaSyncC:\Programmi\Acer\Acer eConsole\MediaSync.exe = C:\Programmi\Acer\Acer eConsole\MediaSync.exe
@PCMService"C:\Program Files\Acer TV-FM\PCMService.exe" = "C:\Program Files\Acer TV-FM\PCMService.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Lexmark X1100 Series"C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe" = "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@ZoneAlarm Client"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
@a-squared"C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60 = "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
@SpywareTerminator"C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" = "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
@LClockC:\Programmi\LClock\LClock.exe = C:\Programmi\LClock\LClock.exe
@Glass2kC:\Programmi\Glass2k\Glass2k.exe = C:\Programmi\Glass2k\Glass2k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@Yodm3DC:\Programmi\yod'm 3d\Yodm3D.exe = C:\Programmi\yod'm 3d\Yodm3D.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{BB7DF450-F119-11CD-8465-00AA00425D90} /*Microsoft Access Custom Icon Handler*/C:\Programmi\Microsoft Office\Office\soa800.dll = C:\Programmi\Microsoft Office\Office\soa800.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Utilità di separazione di Raccoglitore Office.*/C:\Programmi\Microsoft Office\Office\UNBIND.DLL = C:\Programmi\Microsoft Office\Office\UNBIND.DLL
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Anti-Malware Shell Extension*/C:\Programmi\a-squared Anti-Malware\a2contmenu.dll = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Programmi\Spyware Terminator\sptcontmenu.dll = C:\Programmi\Spyware Terminator\sptcontmenu.dll
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a-squared Anti-Malware Shell Extension@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\Programmi\a-squared Anti-Malware\a2contmenu.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Programmi\Spyware Terminator\sptcontmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Programmi\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2e6f36ce-1217-4ba1-982f-24560c0eb677}C:\Programmi\Multi_Media_Italy\tbMult.dll = C:\Programmi\Multi_Media_Italy\tbMult.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\Aquarium.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://global.acer.com = http://global.acer.com
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://fastweb.it/portale/?benvenuto= = http://fastweb.it/portale/?benvenuto=
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

C:\Documents and Settings\Fanale\Menu Avvio\Programmi\Esecuzione automatica = Stardock ObjectDock.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Acer Empowering Technology.lnk = Acer Empowering Technology.lnk
Acer WLAN 11g USB Dongle.lnk = Acer WLAN 11g USB Dongle.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
LG SyncManager.lnk = LG SyncManager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.13 ----
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » mar nov 20, 2007 2:22 pm

non mi sembra ci sia nulla...

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehostinge posta qui il link che ti viene assegnato.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » mar nov 20, 2007 11:03 pm

Link to this page:
Direct Link: http://www.freefilehosting.net/download/MzgxODQ=

GRAZIE per quello che stai facendo [^]
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » mer nov 21, 2007 7:12 am

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\System Volume Information\_restore{CBBEC024-3104-4A31-B114-BF7CA07B7FFE}\RP319\A0118950.exe
C:\Programmi\AdunanzA\Incoming\vitrans.zip/Vista Transformation Pack 2.0.exe


Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » mer nov 21, 2007 9:01 pm

Impossibile trovare il file specificato.
Impossibile trovare C:\avenger\*.reg
1 file copiati.
zip warning: C:/backup.zip not found or empty
adding: avenger/A0118950.exe (116 bytes security) (deflated 52%)
adding: avenger/avenger.txt (188 bytes security) (deflated 69%)
adding: avenger/backup.reg (188 bytes security) (stored 0%)
-----------------------------------------------------------------------------------------
Insieme mi si è aperta anche questa pagina:Windows-disco non presente
Exception processing message o0000013 parameters 75blbf9c 4 75blbf9c
annulla, riprova, continua. Ho cliccato annulla perché non mi dava alternative, dopo è uscito questo:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pmihcsrm

*******************

Script file located at: \??\C:\Program Files\kaomoiol.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\System Volume Information\_restore{CBBEC024-3104-4A31-B114-BF7CA07B7FFE}\RP319\A0118950.exe deleted successfully.


Could not open file C:\Programmi\AdunanzA\Incoming\vitrans.zip/Vista Transformation Pack 2.0.exe for deletion
Deletion of file C:\Programmi\AdunanzA\Incoming\vitrans.zip/Vista Transformation Pack 2.0.exe failed!

Could not process line:
C:\Programmi\AdunanzA\Incoming\vitrans.zip/Vista Transformation Pack 2.0.exe
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » mer nov 21, 2007 9:04 pm

prova a eliminare manualmente questo file:

C:\Programmi\AdunanzA\Incoming\vitrans.zip/Vista Transformation Pack 2.0.exe
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » mer nov 21, 2007 10:29 pm

Fatto [^] Toglimi una curiosità io ho installato sul pc vista transformatio pack 5.0 che cambia il look di xp in vista, c'entra qual'cosa con quello che mi hai fatto eliminare? [uhm] Fammi sapere GRAZIE
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » gio nov 22, 2007 7:05 am

non penso ma le cose se sono free è meglio scaricarle da internet....
come dice kaspersky non è un virus:

not-a-virus:RiskTool.Win32.CloseApp.a
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda fanale » gio nov 22, 2007 7:09 pm

Cosa ci resta da fare? [uhm]
Avatar utente
fanale
Aficionado
Aficionado
 
Messaggi: 38
Iscritto il: ven set 14, 2007 8:10 pm
Località: Cinisello Balsamo(MI)

Messaggioda ste_95 » gio nov 22, 2007 7:22 pm

parrebbe più nulla...
come va?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising