
Extremely slow computer.


Post by piacio1984 » Wed Mar 07, 2007 7:59 pm

Hi everyone, you already helped me once with my PC and I hope you will again... my PC won't move even if I push it... very slow. I have installed Spyware Terminator, Spybot Search and Destroy, Zone Labs and also BitDefender as antivirus. After a scan a thousand things to remove came up, but which of these should I keep? I'm sending you the scan done with HijackThis. Regards, Marco

Logfile of HijackThis v1.99.1
Scan saved at 18.41.11, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\SPMSMON.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Utility\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\utility\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX10.148\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Utility\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\utility\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [ccEvtMrg.exe] ccEvtMrg.exe
O4 - HKLM\..\RunServices: [DirectX 32] directx32.exe
O4 - HKLM\..\RunServices: [Windows Update] wamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A203036-87CB-44DD-B62D-B0104821452D}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Post by crazy.cat » Wed Mar 07, 2007 8:17 pm

Three threads opened, and all of them in the wrong section.
Now I'll read the rest, because you have a bit of a disaster on your hands.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most odious tyranny: tyranny disguised as freedom.

Post by piacio1984 » Wed Mar 07, 2007 8:21 pm

I have a wireless connection that comes and goes, I thought I had posted it only once, sorry. Feel free to delete the others, thx.


Post by crazy.cat » Wed Mar 07, 2007 8:25 pm

Is the antivirus working properly?

Delete these lines and also all the files in red.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O4 - HKLM\..\RunServices: [ccEvtMrg.exe] ccEvtMrg.exe
O4 - HKLM\..\RunServices: [DirectX 32] directx32.exe
O4 - HKLM\..\RunServices: [Windows Update] wamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)

I recommend an online scan on the Kaspersky site to see how many other viruses there are.
When it finishes, save the scan log and post it here.

Post by piacio1984 » Wed Mar 07, 2007 8:38 pm

It won't let me run the scan: as soon as I try to start it, a modem connection window opens, which I close, but then it won't let me accept. Can you give me the correct link, please,
or do you have any other ideas? I fixed everything you told me. For malware I use a-squared Free.

Post by crazy.cat » Wed Mar 07, 2007 8:39 pm

Smells like the Bagle virus....

Download GMER, run a scan and post the log of the autostart section here.

Post by piacio1984 » Wed Mar 07, 2007 8:52 pm

Hi, sorry for my ignorance, but what is the log? I'm running the scan.

Post by crazy.cat » Wed Mar 07, 2007 9:01 pm

piacio1984 wrote: Hi, sorry for my ignorance, but what is the log? I'm running the scan.

It's more or less the same thing as the HijackThis log you already posted.
There are a ton of threads about Bagle in this section.

Post by piacio1984 » Wed Mar 07, 2007 9:01 pm

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-07 19:58:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwClose
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwConnectPort
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateWaitablePort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenThread
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwUnloadKey
SSDT \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ B0, 8E, CE, F1, C0, F6, CE, ... ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ B0, 8E, CE, F1, C0, F6, CE, ... ]

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Spyware Terminator\Spywareterminatorshield.Exe[676] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[1404] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll
.text C:\Program Files\WinRAR\WinRAR.exe[1416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00363090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!sendto 71AB2C69 3 Bytes JMP 00362D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!sendto + 4 71AB2C6D 1 Byte [ 8E ]
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00362CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00363020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00362DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!send 71AB428A 5 Bytes JMP 00362AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00362D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 00362A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00363060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Utility\Zone Labs\ZoneAlarm\zlclient.exe[2128] WS2_32.dll!accept 71AC1028 5 Bytes JMP 00362F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[2152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Messenger\msmsgs.exe[2208] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\ctfmon.exe[2312] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2412] ws2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Owner\Desktop\Hypercut.exe[2540] WS2_32.DLL!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.119\gmer.exe[2600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\RAMASST.exe[2736] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\00THotkey.exe[3260] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3276] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\TFNF5.exe[3280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Toshiba\TouchED\TouchED.exe[3312] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\TPSMain.exe[3328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A3090 C:\WINDOWS\system32\sockspy.dll
.text ...

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F1CFAA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F1CFAA80] vsdatant.sys

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Owner\Desktop\setups\setups\Favorites\infermiere\Travel Pack -- Itinerary Details - Book a Trip -- Philadelphia :favicon

---- EOF - GMER 1.0.12 ----

Post by crazy.cat » Wed Mar 07, 2007 9:04 pm

Press the button with the three >>>; there is a section called Autostart. That is the log we need.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as liberty.

Post by piacio1984 » Wed Mar 07, 2007 9:08 pm

There is nothing written in the log.

Post by crazy.cat » Wed Mar 07, 2007 9:09 pm

Select Show all and press Scan.

Post by piacio1984 » Wed Mar 07, 2007 9:17 pm

On the Autostart menu or on Rootkit? They are there on both.

Post by piacio1984 » Wed Mar 07, 2007 9:24 pm

Forgive me, but I feel really ignorant. I know very little about PCs...

Post by Amantide » Wed Mar 07, 2007 10:08 pm

Start Gmer, click on this button >>>, select the Autostart tab, tick the Show all option and press Scan.
When the scan has finished, click the Copy button and paste the result here. [:)]
...to fly high, you must know how to fall...

Post by piacio1984 » Thu Mar 08, 2007 2:08 am

Here is what came out:

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-03-08 01:06:36
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = sockspy.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
bdss /*BitDefender Scan Server*/@ = "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Browser /*Computer Browser*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CFSvcs /*ConfigFree Service*/@ = C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
DVD-RAM_Service /*DVD-RAM_Service*/@ = C:\WINDOWS\System32\DVDRAMSV.exe
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Irmon /*Infrared Monitor*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LIVESRV /*BitDefender Desktop Update Service*/@ = "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
muamgrd /*Windows Update Service*/@ = C:\WINDOWS\System32\muamgrd.exe /*file not found*/
NVSvc /*NVIDIA Driver Helper Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
VSSERV /*BitDefender Virus Shield*/@ = "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Security Center*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
XCOMM /*BitDefender Communicator*/@ = "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@00THotkeyC:\WINDOWS\System32\00THotkey.exe = C:\WINDOWS\System32\00THotkey.exe
@000StTHK000StTHK.exe = 000StTHK.exe
@TFNF5TFNF5.exe = TFNF5.exe
@SynTPLprC:\Program Files\Synaptics\SynTP\SynTPLpr.exe = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@TouchEDC:\Program Files\TOSHIBA\TouchED\TouchED.Exe = C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
@TPSMainTPSMain.exe = TPSMain.exe
@ezShieldProtector for PxC:\WINDOWS\System32\ezSP_Px.exe = C:\WINDOWS\System32\ezSP_Px.exe
@SigmaTel StacMonC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe = C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /installquiet = nwiz.exe /installquiet
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@HPDJ Taskbar UtilityC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@ChangeICONC:\WINDOWS\SPMSMON.EXE = C:\WINDOWS\SPMSMON.EXE
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@BDMCon"C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg = "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
@BDAgent"C:\Program Files\Softwin\BitDefender10\bdagent.exe" = "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@SpywareTerminator"C:\Program Files\Utility\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Program Files\Utility\Spyware Terminator\SpywareTerminatorShield.exe"
@Zone Labs Client"C:\Program Files\utility\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\utility\Zone Labs\ZoneAlarm\zlclient.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@TOSCDSPDC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Address Bar Parser*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
---- EOF - GMER 1.0.12 ----

Post by Amantide » Thu Mar 08, 2007 2:21 pm

Nothing dangerous shows up in the log. Run a scan with A-squared and Superantispyware, and delete or quarantine everything they find.
...to fly high, you have to know how to fall...

Post by piacio1984 » Thu Mar 08, 2007 2:46 pm

Already done with A-squared, Spybot Search and Destroy and Spyware Terminator. As antivirus I have BitDefender 9. Can I run it alongside AntiVir PE too? The biggest problem is that at startup, or every now and then, it opens the window for a modem dial-up connection to strange numbers. Any ideas?

Post by Amantide » Thu Mar 08, 2007 3:00 pm

piacio1984 wrote: Already done with A-squared, Spybot Search and Destroy and Spyware Terminator.

If I told you to scan with other programs, there must be a reason, right?

piacio1984 wrote: As antivirus I have BitDefender 9. Can I run it alongside AntiVir PE too?

Only if you disable BitDefender's real-time protection.

piacio1984 wrote: The biggest problem is that at startup, or every now and then, it opens the window for a modem dial-up connection to strange numbers. Any ideas?

Run the scan with the 2 programs I recommended earlier.

Post by piacio1984 » Sat Mar 10, 2007 8:28 pm

Sorry for the delay, I've been busy these past two days. I ran the scan again with Superantispyware and with A-squared... now it works much better, it runs fast and without problems. However, my screen brightness has dropped and I can no longer raise it. Before using the cleanup programs I used, since this PC is a Toshiba laptop, the Fn key plus F2, but now that no longer works. Any ideas? Anyway, I can't complain about the speed now. Between BitDefender and AntiVir PE, which do you recommend? Bye

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising