
Possessed mouse


Post by ssjx » Mon Nov 23, 2009 10:49 am

OK, I already know that, as usual, I'll be told that all the logs are clean... the fact remains that, on top of all the problems my brother's desktop already had, this one has now been added: the mouse is often completely possessed... it stops and doesn't move for several minutes, then starts up again and does whatever it likes, and things like that.

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.02.40, on 22/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
D:\Programmi\Utility\FreeProxy\FreeProxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Sicurezza\Tools\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DrvIcon] D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\PRODUT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8647089203
O20 - AppInit_DLLs: d:\progra~1\sicure~1\outpos~1\wl_hook.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Free Proxy Service (FreeProxy) - Unknown owner - D:\Programmi\Utility\FreeProxy\FreeProxy.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9088 bytes


Gmer rootkit

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 22:26:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\kwloipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF779D1CC]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAE60ABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAE627920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAE606F60]
SSDT F7BF3106 ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAE61E2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAE61EBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAE605D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAE611E40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF779D206]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAE62AF30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAE610B20]
SSDT F7BF310B ZwDeleteKey
SSDT F7BF3115 ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAE61BBB0]
SSDT F7BF311A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAE6116B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAE609C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAE612FC0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF779D51A]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAE606580]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF779D3F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF779D292]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE60B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAE615750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAE615FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAE624ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAE619590]
SSDT F7BF3124 ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAE629A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAE629D70]
SSDT F7BF311F ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAE617C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAE6184D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAE628480]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF779D18E]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAE62B520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAE60CBF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAE61B1C0]
SSDT F7BF3110 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAE623190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAE623AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAE62A770]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF779D64E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF779D316]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAE61C530]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF779D34E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2540 80501D78 2 Bytes [C0, 2F]
.text ntkrnlpa.exe!ZwCallbackReturn + 25E4 80501E1C 2 Bytes [50, 57] {PUSH EAX; PUSH EDI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2628 80501E60 2 Bytes [A0, 5F]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E9C 2 Bytes [90, 95] {NOP ; XCHG EBP, EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2667 80501E9F 5 Bytes [AE, 24, 31, BF, F7]
.text ...
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DA7000, 0x1B601E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 015A5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009CA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009CA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009CA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009CA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0073A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0073A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0073A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0073A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00B3A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00B3A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00B3A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00B3A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0068A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0068A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0068A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0068A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01955AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C05AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\atmuni.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\rawwan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)

Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1301\Shell@ScrollPos1440x900(\21).x 0

---- EOF - GMER 1.0.15 ----
I used IE and complained... I used Mozilla and complained, decidedly less but I complained, ... then I found Opera and it was love at first sight
ssjx
Official Member (Gold)
Posts: 5756
Joined: Fri Nov 26, 2004 3:37 pm
Location: Barcellona

Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 10:51 am

Gmer autostart

GMER 1.0.15.15252 - http://www.gmer.net
Autostart scan 2009-11-23 10:14:53
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = d:\progra~1\sicure~1\outpos~1\wl_hook.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ABBYY.Licensing.FineReader.Professional.9.0@ = "C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service
acssrv@ = D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe
AntiVirMailService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe"
AntiVirSchedulerService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe"
AntiVirWebService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
CSIScanner@ = "C:\Programmi\Prevx\prevx.exe" /service
FreeProxy@ = D:\Programmi\Utility\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -C"D:\Programmi\Utility\FreeProxy\Default.cfg"
gusvc@ = "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
ProtexisLicensing@ = C:\WINDOWS\system32\PSIService.exe
PSI_SVC_2@ = "C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe"
SCardSvr@ = %SystemRoot%\System32\SCardSvr.exe
TuneUp.ProgramStatisticsSvc@ = %SystemRoot%\System32\TUProgSt.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@SkyTelSkyTel.EXE = SkyTel.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@DrvIconD:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe = D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
@AME_CSArundll32 amecsa.cpl,RUN_DLL = rundll32 amecsa.cpl,RUN_DLL
@OutpostFeedBack"D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup = "D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup
@avgnt"D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"
@Malwarebytes Anti-Malware (reboot)"D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript = "D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@VistaStartMenu"D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe" = "D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe"
@AtiTrayTools"C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" = "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{4F07DA45-8170-4859-9B5F-037EF2970034} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{AD392E40-428C-459F-961E-9B147782D099} /*UltraISO*/D:\Programmi\Utility\UltraISO\isoshell.dll = D:\Programmi\Utility\UltraISO\isoshell.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\Programmi\Produttivit?\Microsoft Office\OFFICE11\msohev.dll = D:\Programmi\Produttivit?\Microsoft Office\OFFICE11\msohev.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{59A3380E-5305-4cea-BD99-4F2FF510C91F} /*FineReader9ContextMenu*/D:\Programmi\Produttivit?\ABBYY FineReader 9.0\FRIntegration.dll = D:\Programmi\Produttivit?\ABBYY FineReader 9.0\FRIntegration.dll
@{B1883831-F0D8-4453-8245-EEAAD866DD6E} /*HashTab Context Menu*/(null) =
@{8A56567E-A333-4843-B6E1-C3A262E41D8C} /*HashTab Property Page*/D:\Programmi\Utility\HashTab Shell Extension\HashTab32.dll = D:\Programmi\Utility\HashTab Shell Extension\HashTab32.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} /*DropboxExt*/D:\Programmi\Utility\Dropbox\DropboxExt.dll = D:\Programmi\Utility\Dropbox\DropboxExt.dll
@{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} /*DropboxExt*/D:\Programmi\Utility\Dropbox\DropboxExt.dll = D:\Programmi\Utility\Dropbox\DropboxExt.dll
@{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} /*DropboxExt*/D:\Programmi\Utility\Dropbox\DropboxExt.dll = D:\Programmi\Utility\Dropbox\DropboxExt.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\Utility\WinRAR\rarext.dll = D:\Programmi\Utility\WinRAR\rarext.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll = D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll
@{4838CD50-7E5D-4811-9B17-C47A85539F28} /*TuneUp Disk Space Explorer Shell Extension*/D:\Programmi\Utility\TuneUp Utilities 2009\DseShExt-x86.dll = D:\Programmi\Utility\TuneUp Utilities 2009\DseShExt-x86.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Programmi\Windows Live\Mail\mailcomm.dll = C:\Programmi\Windows Live\Mail\mailcomm.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DropboxExt@{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = D:\Programmi\Utility\Dropbox\DropboxExt.dll
FineReader9ContextMenu@{59A3380E-5305-4cea-BD99-4F2FF510C91F} = D:\Programmi\Produttivit?\ABBYY FineReader 9.0\FRIntegration.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DropboxExt@{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = D:\Programmi\Utility\Dropbox\DropboxExt.dll
TuneUp Disk Space Explorer Shell Extension@{4838CD50-7E5D-4811-9B17-C47A85539F28} = D:\Programmi\Utility\TuneUp Utilities 2009\DseShExt-x86.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll
UltraISO@{AD392E40-428C-459F-961E-9B147782D099} = D:\Programmi\Utility\UltraISO\isoshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll
UltraISO@{AD392E40-428C-459F-961E-9B147782D099} = D:\Programmi\Utility\UltraISO\isoshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll = D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll = D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}C:\Programmi\Windows Live\Toolbar\wltcore.dll = C:\Programmi\Windows Live\Toolbar\wltcore.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
wlmailhtml@CLSID = C:\Programmi\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26F66FE2-DD37-4547-9CD0-9337CB788E2A} /*Connessione rete senza fili*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F06F853-3F53-43F9-92F6-13FD8D2E8F09} /*Connessione rete senza fili*/ >>>
@IPAddress192.168.0.10 = 192.168.0.10
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll
000000000002@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll

---- EOF - GMER 1.0.15 ----

Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 10:51 am

Gmer autostart (show all)

GMER 1.0.15.15252 - http://www.gmer.net
Autostart scan 2009-11-23 10:14:23
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = d:\progra~1\sicure~1\outpos~1\wl_hook.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ABBYY.Licensing.FineReader.Professional.9.0@ = "C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service
acssrv@ = D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe
AntiVirMailService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe"
AntiVirSchedulerService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe"
AntiVirWebService@ = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CSIScanner@ = "C:\Programmi\Prevx\prevx.exe" /service
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
FreeProxy@ = D:\Programmi\Utility\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -C"D:\Programmi\Utility\FreeProxy\Default.cfg"
gusvc@ = "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LanmanServer@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
PlugPlay@ = %SystemRoot%\system32\services.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
ProtexisLicensing@ = C:\WINDOWS\system32\PSIService.exe
PSI_SVC_2@ = "C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe"
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
SCardSvr@ = %SystemRoot%\System32\SCardSvr.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
TuneUp.ProgramStatisticsSvc@ = %SystemRoot%\System32\TUProgSt.exe
UxTuneUp@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@SkyTelSkyTel.EXE = SkyTel.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@DrvIconD:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe = D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
@AME_CSArundll32 amecsa.cpl,RUN_DLL = rundll32 amecsa.cpl,RUN_DLL
@OutpostFeedBack"D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup = "D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup
@avgnt"D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash = "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"
@Malwarebytes Anti-Malware (reboot)"D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript = "D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@VistaStartMenu"D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe" = "D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe"
@AtiTrayTools"C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" = "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{4F07DA45-8170-4859-9B5F-037EF2970034}(null) =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DropboxExt@{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = D:\Programmi\Utility\Dropbox\DropboxExt.dll
FineReader9ContextMenu@{59A3380E-5305-4cea-BD99-4F2FF510C91F} = D:\Programmi\Produttivit?\ABBYY FineReader 9.0\FRIntegration.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DropboxExt@{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = D:\Programmi\Utility\Dropbox\DropboxExt.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
TuneUp Disk Space Explorer Shell Extension@{4838CD50-7E5D-4811-9B17-C47A85539F28} = D:\Programmi\Utility\TuneUp Utilities 2009\DseShExt-x86.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\Programmi\Utility\TuneUp Utilities 2009\SDShelEx-win32.dll
UltraISO@{AD392E40-428C-459F-961E-9B147782D099} = D:\Programmi\Utility\UltraISO\isoshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\shlext.dll
UltraISO@{AD392E40-428C-459F-961E-9B147782D099} = D:\Programmi\Utility\UltraISO\isoshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\Utility\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll = D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll = D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}C:\Programmi\Windows Live\Toolbar\wltcore.dll = C:\Programmi\Windows Live\Toolbar\wltcore.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
wlmailhtml@CLSID = C:\Programmi\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26F66FE2-DD37-4547-9CD0-9337CB788E2A} /*Connessione rete senza fili*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F06F853-3F53-43F9-92F6-13FD8D2E8F09} /*Connessione rete senza fili*/ >>>
@IPAddress192.168.0.10 = 192.168.0.10
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll
000000000002@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll

---- EOF - GMER 1.0.15 ----


Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 10:52 am

Combofix

ComboFix 09-11-22.02 - Amministratore 23/11/2009 10.22.05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.584 [GMT 1:00]
Eseguito da: d:\programmi\Sicurezza\Tools\ComboFix\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {001300D4-0000-0000-1000-00007454927C}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Amministratore\Dati applicazioni\.#

.
((((((((((((((((((((((((( Files Creati Da 2009-10-23 al 2009-11-23 )))))))))))))))))))))))))))))))))))
.

2009-11-22 20:23 . 2009-11-22 20:23 -------- d-----w- c:\programmi\Alwil Software
2009-11-22 20:23 . 2009-11-22 20:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2009-11-22 20:19 . 2009-11-22 20:22 36779552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Google Updater\cache\packdata_ci_avast_5.0.178.0_mui_setup.exe
2009-11-22 20:19 . 2009-11-22 20:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-11-22 20:19 . 2009-11-22 20:19 -------- d-----w- c:\programmi\Google
2009-11-22 14:32 . 2009-11-22 14:42 5562672 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe
2009-11-21 12:07 . 2009-11-22 14:27 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-11-21 12:07 . 2009-11-22 14:27 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-11-21 12:07 . 2009-11-22 14:27 46896 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-11-21 12:07 . 2009-11-22 14:27 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-11-21 12:06 . 2009-11-21 12:06 -------- d-----w- c:\programmi\Prevx
2009-11-21 12:06 . 2009-11-21 16:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-11-17 19:05 . 2009-10-16 14:50 2520888 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-11-17 19:05 . 2008-03-04 17:52 286720 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-11-17 19:05 . 2007-10-31 08:39 59904 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-11-17 19:05 . 2007-05-17 12:58 143360 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-11-17 19:05 . 2006-10-18 16:32 499712 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-11-17 19:05 . 2006-10-18 16:32 348160 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-11-17 19:05 . 2006-10-16 17:44 196608 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-11-17 19:05 . 2006-10-16 17:44 1028096 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-11-14 18:32 . 2008-08-10 14:18 176128 ----a-w- c:\windows\system32\FreeProxyDLL392.dll
2009-11-13 17:20 . 2009-11-13 17:20 -------- d-----w- c:\programmi\Lunascape
2009-11-11 22:19 . 2006-06-14 11:53 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2009-11-11 22:16 . 2008-04-13 10:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-11 22:16 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-11 15:15 . 2009-11-11 15:34 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\IObit
2009-11-11 11:23 . 2009-11-11 11:23 -------- d-----w- c:\windows\Performance
2009-11-11 11:23 . 2009-11-11 11:23 -------- d-----w- c:\documents and settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft Corporation
2009-11-11 11:03 . 2009-11-11 11:03 152576 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 10:10 . 2009-11-15 16:27 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\vlc
2009-11-03 08:56 . 2009-11-03 08:56 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Malwarebytes
2009-11-03 08:56 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 08:56 . 2009-11-03 08:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-03 08:56 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 19:16 . 2009-11-02 19:16 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\teamspeak2
2009-10-24 14:28 . 2009-10-24 14:28 -------- d-----w- c:\documents and settings\Amministratore\Impostazioni locali\Dati applicazioni\FeedDemon
2009-10-24 14:27 . 2009-10-24 14:27 -------- d-----w- c:\programmi\FeedDemon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 20:26 . 2008-11-25 09:39 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Vista Start Menu
2009-11-22 14:32 . 2008-09-21 18:37 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\TVU Networks
2009-11-21 16:27 . 2008-08-13 16:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-21 11:56 . 2008-08-13 16:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-18 15:04 . 2009-10-05 10:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-11-11 15:34 . 2008-11-25 09:42 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Azureus
2009-11-11 15:34 . 2008-11-09 19:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-11-11 11:04 . 2009-04-13 13:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 11:02 . 2001-08-31 15:00 77168 ----a-w- c:\windows\system32\perfc010.dat
2009-11-11 11:02 . 2001-08-31 15:00 472932 ----a-w- c:\windows\system32\perfh010.dat
2009-11-10 19:58 . 2009-04-08 12:15 -------- d-----w- c:\programmi\Microsoft
2009-11-10 19:57 . 2008-11-09 19:03 -------- d-----w- c:\programmi\Windows Live
2009-10-24 13:37 . 2009-10-05 10:06 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Babylon
2009-10-22 10:34 . 2009-10-22 10:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-22 10:34 . 2009-10-22 10:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-22 10:34 . 2009-10-22 10:34 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\TuneUp Software
2009-10-22 10:34 . 2009-10-22 10:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-10-22 10:28 . 2009-10-22 10:28 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-19 10:31 . 2009-10-19 10:31 -------- d-----w- c:\programmi\Java
2009-10-15 10:49 . 2009-10-15 10:49 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-10-12 17:48 . 2009-07-31 13:16 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\dvdcss
2009-10-06 11:40 . 2009-10-15 11:19 545280 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-06 11:40 . 2009-10-15 11:19 153600 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-06 11:40 . 2009-10-15 11:19 103424 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-06 11:40 . 2009-10-15 11:19 344064 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-06 11:40 . 2009-10-15 11:19 4716544 ----a-w- c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-05 10:39 . 2009-10-05 10:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-10-05 08:36 . 2009-10-05 08:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FogelSoft
2009-10-05 08:36 . 2009-10-05 08:36 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\FogelSoft
2009-10-04 08:46 . 2009-10-04 08:46 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Avira
2009-10-04 08:38 . 2009-10-03 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-03 20:07 . 2009-10-03 20:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-10-01 10:39 . 2008-08-13 15:10 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-01 09:02 . 2008-09-20 14:04 -------- d-----w- c:\documents and settings\Amministratore\Dati applicazioni\Ashampoo
2009-09-27 15:30 . 2008-08-27 14:28 -------- d-----w- c:\programmi\Juris Data
2009-01-09 23:27 . 2009-01-09 23:27 8 --sh--r- c:\windows\system32\790E3A24B6.sys
2009-01-10 17:52 . 2009-01-09 23:27 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- d:\programmi\Utility\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- d:\programmi\Utility\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- d:\programmi\Utility\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="d:\programmi\Utility\Vista Start Menu\VistaStartMenu.exe" [2009-10-27 2202456]
"AtiTrayTools"="c:\programmi\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="d:\programmi\Utility\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"OutpostFeedBack"="d:\programmi\Sicurezza\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avgnt"="d:\programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"Malwarebytes Anti-Malware (reboot)"="d:\programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"AME_CSA"="amecsa.cpl" - c:\windows\system32\AmeCSA.cpl [2002-04-29 720896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [21/11/2009 13.07.01 30280]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/08/2008 17.38.44 11264]
R1 atitray;atitray;c:\programmi\Ray Adams\ATI Tray Tools\atitray.sys [22/05/2007 10.04.54 18088]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/10/2009 21.09.58 704384]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06/12/2007 21.03.41 660768]
R2 acssrv;Agnitum Client Security Service;d:\progra~1\SICURE~1\OUTPOS~1\acs.exe [03/10/2009 21.08.25 1195008]
R2 AntiVirMailService;Avira AntiVir MailGuard;d:\programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe [04/10/2009 9.38.07 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe [04/10/2009 9.38.08 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;d:\programmi\Sicurezza\Avira\AntiVir Desktop\avwebgrd.exe [04/10/2009 9.38.07 434945]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [21/11/2009 13.06.59 6248080]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [08/04/2009 13.19.58 54752]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [21/11/2009 13.07.01 46896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [22/10/2009 11.34.57 604488]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/10/2009 21.08.28 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/10/2009 21.09.50 257432]
R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [13/08/2008 16.59.12 110839]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [21/11/2009 13.07.00 24368]
S2 FreeProxy;Free Proxy Service;d:\programmi\Utility\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -C"d:\programmi\Utility\FreeProxy\Default.cfg" --> d:\programmi\Utility\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -Cd:\programmi\Utility\FreeProxy\Default.cfg [?]
S3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [13/04/2008 10.51.32 55808]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [13/04/2008 10.51.32 55808]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 pbfilter;pbfilter;d:\programmi\Sicurezza\PeerBlock\pbfilter.sys [13/11/2009 17.29.03 14424]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [13/04/2009 11.21.37 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-22 20:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Translate this web page with Babylon - d:\programmi\Utility\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - d:\programmi\Utility\Babylon\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://d:\programmi\Utility\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
LSP: d:\programmi\Sicurezza\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Amministratore\Dati applicazioni\Mozilla\Firefox\Profiles\vq2hkjqx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programmi\Internet\Browser\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\programmi\Multimedia Editing\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programmi\Multimedia Editing\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programmi\Multimedia\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\programmi\Internet\Browser\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - d:\programmi\Grafica\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 10:33
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(996)
c:\windows\system32\WININET.dll
c:\programmi\Ray Adams\ATI Tray Tools\raphook.dll
d:\programmi\Utility\Dropbox\DropboxExt.dll
c:\progra~1\WINDOW~2\wmpband.dll
d:\programmi\Utility\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PSIService.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-23 10:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-23 09:37

Pre-Run: 3.341.316.096 byte disponibili
Post-Run: 3.213.012.992 byte disponibili

- - End Of File - - 76F5F128BA87E544F88EA6E54E7E029E

Re: Possessed mouse

Post by Palpas » Mon Nov 23, 2009 11:58 am

At this point I think it's a problem with the mouse itself... replace it, it doesn't cost much.

Re: Possessed mouse

Post by Roberto88 » Mon Nov 23, 2009 12:11 pm

Is it wireless?
If it's wired, does it have a ball underneath or not?
If it's wireless I wouldn't know what to tell you; if it has a ball, take it apart and clean the rollers inside that the ball rests on; if it has no ball, try changing the mouse pad.
In any case it reminds me of a problem I used to have: too many running processes => memory at the limit => everything froze. If I moved the mouse, the pointer obviously didn't move a millimetre, but as soon as the PC "caught its breath", it was as if the movements I had made earlier with the mouse had been "recorded", and so, with a delay and without my touching the mouse, the pointer started wandering around all over the place [boh]

Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 12:18 pm

Palpas wrote: At this point I think it's a problem with the mouse itself... replace it, it doesn't cost much.

I had thought the same thing at first too, but while using it I realized that if the mouse itself were broken, that wouldn't explain, for example, why it often moves on its own (something unrelated to any movements made before the freeze), or why, while browsing, the middle button (scroll wheel) gets activated automatically

If it comes to it I can replace it, but I'm fairly convinced that wouldn't solve it

Roberto88 wrote:
Is it wireless?
If it's wired, does it have a ball underneath or not?
If it's wireless I wouldn't know what to tell you; if it has a ball, take it apart and clean the rollers inside that the ball rests on; if it has no ball, try changing the mouse pad.
In any case it reminds me of a problem I used to have: too many running processes => memory at the limit => everything froze. If I moved the mouse, the pointer obviously didn't move a millimetre, but as soon as the PC "caught its breath", it was as if the movements I had made earlier with the mouse had been "recorded", and so, with a delay and without my touching the mouse, the pointer started wandering around all over the place

I've already done all of that, and the "catching its breath" explanation isn't plausible either, for the reasons given above


Actually the feeling is exactly like when someone else accesses the PC remotely and moves the pointer (I don't know if you've ever experienced it)

Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 5:42 pm

Crazy, Ste, Amantide ...... what do you say? [8)]

Re: Possessed mouse

Post by crazy.cat » Mon Nov 23, 2009 6:15 pm

ssjx wrote: Crazy, Ste, Amantide ...... what do you say? [8)]

Start by trying a different mouse; the logs look fine to me.

Re: Possessed mouse

Post by ssjx » Mon Nov 23, 2009 6:20 pm

OK, I guess that's the best way to figure something out then [V]

thanks a lot [ciao]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising