Help me.. I have a virus!!

Started by isabella, 19 August 2008, 19:47:18

isabella

Hi guys, I think I have a virus on my PC: every time I turn it on, a message from Avira antivirus appears. I'm posting the log I made with SystemScan; I hope one of you can help me solve the problem. Bye guys!
 
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Sawadee\Desktop\sys886.exe
Running in: User mode
Date: 19/08/2008
Time: 3.40.41
 
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log
03/09/2007 18.07.38 (DIR) 0 byte 351 days old -- Administrator
25/06/2008 02.47.41 4096 byte 55 days old -- ADMINI~1.HOM.LOG
25/06/2008 13.31.21 (DIR) 0 byte 55 days old -- Default User
10/08/2008 14.15.06 (DIR) 0 byte 9 days old -- All Users
12/08/2008 08.12.13 (DIR) 0 byte 7 days old -- NetworkService
12/08/2008 08.12.13 (DIR) 0 byte 7 days old -- LocalService
 
### startup files in users folders
Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
===================== RECENT FILES =====================
Showing files newer than 120 days
----- recent files in C:\
04/05/2008 11.46.14 268 byte 107 days old -- sqmdata00.sqm
04/05/2008 11.46.14 244 byte 107 days old -- sqmnoopt00.sqm
15/05/2008 14.15.29 268 byte 96 days old -- sqmdata01.sqm
15/05/2008 14.15.29 244 byte 96 days old -- sqmnoopt01.sqm
15/05/2008 18.35.42 268 byte 96 days old -- sqmdata02.sqm
15/05/2008 18.35.42 244 byte 96 days old -- sqmnoopt02.sqm
15/05/2008 22.02.34 244 byte 96 days old -- sqmnoopt03.sqm
15/05/2008 22.02.34 268 byte 96 days old -- sqmdata03.sqm
28/05/2008 21.35.46 211 byte 83 days old -- boot.ini
29/05/2008 02.04.37 9730 byte 82 days old -- idsuite_run.bat
23/06/2008 22.18.38 24652 byte 57 days old -- ASLog.txt
25/06/2008 13.21.15 251600 byte 55 days old -- ntldr
26/06/2008 05.30.08 (DIR) 0 byte 54 days old -- Plug-Ins
08/07/2008 18.04.01 (DIR) 0 byte 42 days old -- APSOWIN
21/07/2008 18.56.32 232 byte 29 days old -- sqmdata04.sqm
21/07/2008 18.56.32 244 byte 29 days old -- sqmnoopt04.sqm
21/07/2008 18.57.04 244 byte 29 days old -- sqmnoopt05.sqm
21/07/2008 18.57.04 232 byte 29 days old -- sqmdata05.sqm
21/07/2008 19.14.11 244 byte 29 days old -- sqmnoopt06.sqm
21/07/2008 19.14.11 232 byte 29 days old -- sqmdata06.sqm
21/07/2008 23.10.28 268 byte 29 days old -- sqmdata07.sqm
21/07/2008 23.10.28 244 byte 29 days old -- sqmnoopt07.sqm
22/07/2008 10.20.16 244 byte 28 days old -- sqmnoopt08.sqm
22/07/2008 10.20.16 268 byte 28 days old -- sqmdata08.sqm
22/07/2008 14.01.15 244 byte 28 days old -- sqmnoopt09.sqm
22/07/2008 14.01.15 268 byte 28 days old -- sqmdata09.sqm
22/07/2008 20.05.26 244 byte 28 days old -- sqmnoopt10.sqm
22/07/2008 20.05.26 268 byte 28 days old -- sqmdata10.sqm
22/07/2008 22.30.35 268 byte 28 days old -- sqmdata11.sqm
22/07/2008 22.30.35 244 byte 28 days old -- sqmnoopt11.sqm
23/07/2008 13.22.50 244 byte 27 days old -- sqmnoopt12.sqm
23/07/2008 13.22.50 268 byte 27 days old -- sqmdata12.sqm
23/07/2008 15.43.36 244 byte 27 days old -- sqmnoopt13.sqm
23/07/2008 15.43.36 268 byte 27 days old -- sqmdata13.sqm
23/07/2008 18.40.34 268 byte 27 days old -- sqmdata14.sqm
23/07/2008 18.40.34 244 byte 27 days old -- sqmnoopt14.sqm
28/07/2008 00.59.22 (DIR) 0 byte 22 days old -- NVIDIA
03/08/2008 12.37.37 (DIR) 0 byte 16 days old -- Program Files
07/08/2008 22.56.25 (DIR) 0 byte 12 days old -- 3gptemp
07/08/2008 23.14.24 1076 byte 12 days old -- SMax.log
09/08/2008 00.03.06 (DIR) 0 byte 10 days old -- Documents and Settings
09/08/2008 00.21.53 (DIR) 0 byte 10 days old -- VEXPLITE
11/08/2008 18.47.30 (DIR) 0 byte 8 days old -- System Volume Information
12/08/2008 07.35.56 (DIR) 0 byte 7 days old -- RECYCLER
12/08/2008 09.39.18 (DIR) 0 byte 7 days old -- WINSSLog
18/08/2008 03.01.55 (DIR) 0 byte 1 days old -- Programmi
18/08/2008 03.11.52 (DIR) 0 byte 1 days old -- WINDOWS
19/08/2008 00.18.23 (DIR)-2147483648 byte 0 days old -- pagefile.sys
----- recent files in C:\WINDOWS\
28/05/2008 21.35.45 227 byte 83 days old -- SYSTEM.INI
29/05/2008 03.20.09 73216 byte 82 days old -- ST6UNST.EXE
02/06/2008 03.42.21 (DIR) 0 byte 78 days old -- __eereg
05/06/2008 00.42.18 (DIR) 0 byte 75 days old -- assembly
25/06/2008 13.18.06 (DIR) 0 byte 55 days old -- EHome
25/06/2008 13.22.48 (DIR) 0 byte 55 days old -- system
25/06/2008 13.23.10 (DIR) 0 byte 55 days old -- srchasst
25/06/2008 13.24.46 (DIR) 0 byte 55 days old -- l2schemas
25/06/2008 13.24.46 (DIR) 0 byte 55 days old -- PeerNet
25/06/2008 13.24.59 (DIR) 0 byte 55 days old -- network diagnostic
25/06/2008 13.24.59 (DIR) 0 byte 55 days old -- ime
25/06/2008 13.25.00 (DIR) 0 byte 55 days old -- ServicePackFiles
25/06/2008 13.28.47 (DIR) 0 byte 55 days old -- security
27/06/2008 00.57.30 (DIR) 0 byte 53 days old -- SHELLNEW
27/06/2008 00.57.30 (DIR) 0 byte 53 days old -- Web
29/06/2008 04.52.48 77312 byte 51 days old -- ua2.dll
03/07/2008 00.42.03 (DIR) 0 byte 47 days old -- Downloaded Installations
04/07/2008 12.22.19 262144 byte 46 days old -- BCUnInstall.exe
13/07/2008 01.18.15 37 byte 37 days old -- ritracc.ini
13/07/2008 13.08.56 749 byte 37 days old -- WindowsShell.Manifest
13/07/2008 13.52.39 38 byte 37 days old -- avisplitter.INI
14/07/2008 05.09.30 205560 byte 36 days old -- UNBOC.EXE
15/07/2008 00.52.18 1452 byte 35 days old -- ST6UNST.000
15/07/2008 00.53.13 4921 byte 35 days old -- SETUP.LST
15/07/2008 00.53.33 286720 byte 35 days old -- Setup1.exe
15/07/2008 00.59.10 4260 byte 35 days old -- ST6UNST.001
18/07/2008 07.24.36 363 byte 32 days old -- gmer.ini
22/07/2008 13.39.57 (DIR) 0 byte 28 days old -- $hf_mig$
31/07/2008 13.53.58 (DIR) 0 byte 19 days old -- msagent
31/07/2008 14.00.01 (DIR) 0 byte 19 days old -- AppPatch
01/08/2008 20.44.31 (DIR) 0 byte 18 days old -- Fonts
02/08/2008 23.20.14 (DIR) 0 byte 17 days old -- WinSxS
03/08/2008 00.31.23 121 byte 16 days old -- bdagent.INI
03/08/2008 02.46.39 (DIR) 0 byte 16 days old -- SxsCaPendDel
03/08/2008 02.47.41 10344 byte 16 days old -- BOC427.INI
04/08/2008 20.39.10 850 byte 15 days old -- win.ini
09/08/2008 17.33.06 546 byte 10 days old -- ODBC.INI
09/08/2008 17.33.29 675840 byte 10 days old -- is-MR11H.exe
09/08/2008 17.33.29 309 byte 10 days old -- is-MR11H.lst
09/08/2008 17.33.29 11694 byte 10 days old -- is-MR11H.msg
10/08/2008 13.58.34 (DIR) 0 byte 9 days old -- twain_32
10/08/2008 17.08.08 2122 byte 9 days old -- Sandboxie.ini
11/08/2008 02.05.29 (DIR) 0 byte 8 days old -- Minidump
11/08/2008 18.08.08 (DIR) 0 byte 8 days old -- $NtServicePackUninstallNLSDownlevelMapping$
11/08/2008 18.08.59 (DIR) 0 byte 8 days old -- $NtServicePackUninstallIDNMitigationAPIs$
12/08/2008 05.11.29 (DIR) 0 byte 7 days old -- Downloaded Program Files
12/08/2008 07.15.03 (DIR) 0 byte 7 days old -- Media
12/08/2008 07.15.12 (DIR) 0 byte 7 days old -- WBEM
12/08/2008 08.13.39 0 byte 7 days old -- Sti_Trace.log
13/08/2008 02.24.09 116 byte 6 days old -- NeroDigital.ini
14/08/2008 01.39.56 (DIR) 0 byte 5 days old -- Help
14/08/2008 01.40.00 (DIR) 0 byte 5 days old -- RegisteredPackages
14/08/2008 02.03.49 (DIR) 0 byte 5 days old -- system32
14/08/2008 02.13.15 (DIR) 0 byte 5 days old -- inf
14/08/2008 03.00.54 (DIR) 0 byte 5 days old -- Debug
14/08/2008 04.20.31 808 byte 5 days old -- IE4 Error Log.txt
14/08/2008 17.40.09 2900 byte 5 days old -- setupapi.log
16/08/2008 14.33.38 (DIR) 0 byte 3 days old -- Installer
18/08/2008 03.14.29 119860 byte 1 days old -- ntbtlog.txt
19/08/2008 00.18.25 2048 byte 0 days old -- bootstat.dat
19/08/2008 00.18.57 50 byte 0 days old -- wiaservc.log
19/08/2008 00.18.58 157 byte 0 days old -- wiadebug.log
19/08/2008 00.19.03 0 byte 0 days old -- 0.log
19/08/2008 00.19.42 339083 byte 0 days old -- WindowsUpdate.log
19/08/2008 03.40.21 (DIR) 0 byte 0 days old -- Tasks
19/08/2008 03.40.33 (DIR) 0 byte 0 days old -- Temp
19/08/2008 03.40.35 (DIR) 0 byte 0 days old -- Prefetch
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
23/04/2008 17.17.28 504352 byte 118 days old -- OGAAddin.dll
23/04/2008 17.17.34 504864 byte 118 days old -- OGAVerify.exe
23/04/2008 17.17.34 693792 byte 118 days old -- OGACheckControl.dll
23/04/2008 17.17.42 909864 byte 118 days old -- WGATray.exe
03/05/2008 23.37.18 22016 byte 108 days old -- Uninstow.exe
07/05/2008 07.10.16 1293312 byte 104 days old -- quartz.dll
07/05/2008 11.07.23 135168 byte 104 days old -- cscript.exe
08/05/2008 13.24.44 155648 byte 103 days old -- wscript.exe
09/05/2008 12.53.49 512000 byte 102 days old -- jscript.dll
09/05/2008 12.53.49 172032 byte 102 days old -- scrrun.dll
09/05/2008 12.53.49 180224 byte 102 days old -- scrobj.dll
09/05/2008 12.53.50 90112 byte 102 days old -- wshext.dll
09/05/2008 12.53.50 430080 byte 102 days old -- vbscript.dll
10/05/2008 01.23.52 135168 byte 101 days old -- wshom.ocx
27/05/2008 10.50.34 90112 byte 84 days old -- QuickTimeVR.qtx
27/05/2008 10.50.34 57344 byte 84 days old -- QuickTime.qts
02/06/2008 20.09.03 7076 byte 78 days old -- jupdate-1.5.0_06-b05.log
03/06/2008 20.53.19 23392 byte 77 days old -- nscompat.tlb
03/06/2008 20.53.19 16832 byte 77 days old -- amcompat.tlb
04/06/2008 16.29.08 446464 byte 76 days old -- NVUNINST.EXE
11/06/2008 21.33.54 3940 byte 69 days old -- PQ_DEBUG.TXT
20/06/2008 19.46.57 147968 byte 60 days old -- dnsapi.dll
20/06/2008 19.46.57 247296 byte 60 days old -- mswsock.dll
24/06/2008 09.46.29 (DIR) 0 byte 56 days old -- %DataFolder%
25/06/2008 09.15.48 17972344 byte 55 days old -- MRT.exe
25/06/2008 13.20.22 (DIR) 0 byte 55 days old -- ReinstallBackups
25/06/2008 13.22.50 (DIR) 0 byte 55 days old -- oobe
25/06/2008 13.23.08 (DIR) 0 byte 55 days old -- Com
25/06/2008 13.23.12 (DIR) 0 byte 55 days old -- npp
25/06/2008 13.24.46 (DIR) 0 byte 55 days old -- bits
25/06/2008 13.24.46 (DIR) 0 byte 55 days old -- it
25/06/2008 13.24.47 (DIR) 0 byte 55 days old -- usmt
25/06/2008 13.29.58 (DIR) 0 byte 55 days old -- wbem
25/06/2008 13.29.59 (DIR) 0 byte 55 days old -- Setup
25/06/2008 13.30.31 90 byte 55 days old -- spupdwxp.log
25/06/2008 13.34.17 6675 byte 55 days old -- jupdate-1.6.0_06-b02.log
25/06/2008 15.49.53 256656 byte 55 days old -- FNTCACHE.DAT
03/07/2008 00.50.38 37888 byte 47 days old -- setupnt.dll
13/07/2008 13.08.56 749 byte 37 days old -- cdplayer.exe.manifest
13/07/2008 13.08.56 749 byte 37 days old -- nwc.cpl.manifest
13/07/2008 13.08.56 749 byte 37 days old -- sapi.cpl.manifest
13/07/2008 13.08.56 749 byte 37 days old -- ncpa.cpl.manifest
13/07/2008 13.08.56 749 byte 37 days old -- wuaucpl.cpl.manifest
15/07/2008 00.54.39 405504 byte 35 days old -- Pego32a.ocx
15/07/2008 00.54.54 137000 byte 35 days old -- MSMAPI32.OCX
15/07/2008 00.55.46 532545 byte 35 days old -- msfl72d.dll
19/07/2008 16.30.53 94392 byte 31 days old -- AvastSS.scr
19/07/2008 16.43.08 1163960 byte 31 days old -- aswBoot.exe
25/07/2008 13.11.50 44544 byte 25 days old -- procguard.dll
27/07/2008 17.54.47 172432 byte 23 days old -- nvdb02.adghz
31/07/2008 20.44.35 34308 byte 19 days old -- BASSMOD.dll
02/08/2008 05.56.15 434252 byte 17 days old -- MSVCRTD.DLL
02/08/2008 05.56.15 216576 byte 17 days old -- monln.dll
02/08/2008 13.59.55 (DIR) 0 byte 17 days old -- Microsoft
03/08/2008 00.31.18 81984 byte 16 days old -- bdod.bin
04/08/2008 14.12.06 14 byte 15 days old -- getfile.dat
06/08/2008 13.20.02 426622 byte 13 days old -- perfh009.dat
06/08/2008 13.20.02 473988 byte 13 days old -- perfh010.dat
06/08/2008 13.20.02 71896 byte 13 days old -- perfc009.dat
06/08/2008 13.20.02 85194 byte 13 days old -- perfc010.dat
06/08/2008 13.20.02 1071858 byte 13 days old -- PerfStringBackup.INI
07/08/2008 19.06.26 2934 byte 12 days old -- CONFIG.NT
11/08/2008 03.21.12 44968 byte 8 days old -- pguard.dat
11/08/2008 03.24.06 8404 byte 8 days old -- pghash.dat
11/08/2008 18.47.30 (DIR) 0 byte 8 days old -- Restore
12/08/2008 06.03.09 (DIR) 0 byte 7 days old -- Macromed
12/08/2008 07.15.06 (DIR) 0 byte 7 days old -- it-it
12/08/2008 07.15.36 490 byte 7 days old -- spupdsvc.inf
12/08/2008 07.15.59 (DIR) 0 byte 7 days old -- CatRoot
12/08/2008 07.18.26 2422 byte 7 days old -- wpa.dbl
12/08/2008 08.13.47 0 byte 7 days old -- h323log.txt
14/08/2008 01.38.34 1233920 byte 5 days old -- msxml4.dll
14/08/2008 01.38.34 82432 byte 5 days old -- msxml4r.dll
14/08/2008 01.39.31 (DIR) 0 byte 5 days old -- DirectX
14/08/2008 01.39.58 (DIR) 0 byte 5 days old -- drivers
14/08/2008 01.40.03 (DIR) 0 byte 5 days old -- dllcache
14/08/2008 03.09.25 (DIR) 0 byte 5 days old -- config
17/08/2008 04.29.23 (DIR) 0 byte 2 days old -- CatRoot2
----- recent files in C:\WINDOWS\system32\drivers\
08/05/2008 16.02.52 203136 byte 103 days old -- rmcast.sys
09/05/2008 13.15.51 45376 byte 102 days old -- avgntdd.sys
02/06/2008 03.42.21 (DIR) 0 byte 78 days old -- UMDF
11/06/2008 01.23.10 39264 byte 69 days old -- tifsfilt.sys
11/06/2008 01.23.10 395744 byte 69 days old -- timntr.sys
14/06/2008 19.32.08 272768 byte 66 days old -- bthport.sys
20/06/2008 13.08.27 225856 byte 60 days old -- tcpip6.sys
20/06/2008 13.40.08 138496 byte 60 days old -- afd.sys
20/06/2008 13.51.12 361600 byte 60 days old -- tcpip.sys
23/06/2008 23.14.42 10368 byte 57 days old -- pfc.sys
27/06/2008 15.03.55 75072 byte 53 days old -- avipbb.sys
03/07/2008 00.50.38 65856 byte 47 days old -- snapman.sys
19/07/2008 16.32.15 26944 byte 31 days old -- aavmker4.sys
19/07/2008 16.32.36 42912 byte 31 days old -- aswTdi.sys
19/07/2008 16.33.42 23152 byte 31 days old -- aswRdr.sys
19/07/2008 16.35.18 78416 byte 31 days old -- aswSP.sys
19/07/2008 16.37.21 94416 byte 31 days old -- aswmon2.sys
19/07/2008 16.37.42 20560 byte 31 days old -- aswFsBlk.sys
25/07/2008 13.33.06 26688 byte 25 days old -- procguard.sys
05/08/2008 18.06.10 (DIR) 0 byte 14 days old -- etc
06/08/2008 09.38.10 14568 byte 13 days old -- bc_hash_f.sys
06/08/2008 09.38.12 26984 byte 13 days old -- bc_ip_f.sys
06/08/2008 09.38.15 14440 byte 13 days old -- bc_pat_f.sys
06/08/2008 09.38.17 18280 byte 13 days old -- bc_prt_f.sys
06/08/2008 09.38.20 23016 byte 13 days old -- bc_tdi_f.sys
06/08/2008 09.38.25 18664 byte 13 days old -- bc_ngn.sys
06/08/2008 09.38.32 23656 byte 13 days old -- bcfilter.sys
06/08/2008 09.38.37 64488 byte 13 days old -- bcftdi.sys
11/08/2008 01.33.41 28352 byte 8 days old -- ssmdrv.sys
11/08/2008 04.11.14 141312 byte 8 days old -- sp_rsdrv2.sys
----- recent files in C:\WINDOWS\temp\
19/08/2008 03.40.41 (DIR) 0 byte 0 days old -- nsk9.tmp
19/08/2008 03.41.00 16384 byte 0 days old -- ~DFE0EB.tmp
19/08/2008 03.41.00 52 byte 0 days old -- systemscan.ini
----- recent files in C:\Programmi\
02/06/2008 03.42.20 (DIR) 0 byte 78 days old -- SBC5
02/06/2008 20.33.42 (DIR) 0 byte 78 days old -- Uniblue
02/06/2008 21.23.26 (DIR) 0 byte 78 days old -- NoClone
03/06/2008 18.39.11 (DIR) 0 byte 77 days old -- iTunes
06/06/2008 01.16.24 (DIR) 0 byte 74 days old -- Driver-Soft
08/06/2008 23.48.56 (DIR) 0 byte 72 days old -- Microsoft ActiveSync
20/06/2008 00.38.18 (DIR) 0 byte 60 days old -- Mustek 1200 UB Plus
22/06/2008 19.44.37 (DIR) 0 byte 58 days old -- BetTrader PRO
24/06/2008 14.58.20 (DIR) 0 byte 56 days old -- Jap
25/06/2008 13.23.06 (DIR) 0 byte 55 days old -- Windows NT
25/06/2008 13.23.06 (DIR) 0 byte 55 days old -- Outlook Express
25/06/2008 13.23.09 (DIR) 0 byte 55 days old -- NetMeeting
25/06/2008 13.24.46 (DIR) 0 byte 55 days old -- Movie Maker
25/06/2008 13.34.17 (DIR) 0 byte 55 days old -- Java
25/06/2008 14.02.47 (DIR) 0 byte 55 days old -- CCleaner
25/06/2008 15.49.52 (DIR) 0 byte 55 days old -- Eusing Free Registry Cleaner
25/06/2008 16.04.42 (DIR) 0 byte 55 days old -- Privacyware
26/06/2008 07.28.42 (DIR) 0 byte 54 days old -- Diskeeper Corporation
30/06/2008 08.04.15 (DIR) 0 byte 50 days old -- regseeker
30/06/2008 08.04.49 (DIR) 0 byte 50 days old -- dat
30/06/2008 14.07.31 (DIR) 0 byte 50 days old -- ewido anti-malware
30/06/2008 19.10.36 (DIR) 0 byte 50 days old -- RegCleaner
02/07/2008 19.39.49 (DIR) 0 byte 48 days old -- Ahead
02/07/2008 20.13.17 14120442 byte 48 days old -- klcodec395f.exe
02/07/2008 20.18.53 (DIR) 0 byte 48 days old -- AC3Filter
07/07/2008 19.44.03 (DIR) 0 byte 43 days old -- MIKSOFT
15/07/2008 01.21.10 (DIR) 0 byte 35 days old -- ToniArts
15/07/2008 04.04.47 (DIR) 0 byte 35 days old -- Unlocker
18/07/2008 06.00.50 (DIR) 0 byte 32 days old -- micro
23/07/2008 21.58.26 (DIR) 0 byte 27 days old -- Windows Live
01/08/2008 19.08.59 (DIR) 0 byte 18 days old -- Windows Live Safety Center
01/08/2008 20.44.17 (DIR) 0 byte 18 days old -- Innovative Solutions
02/08/2008 22.32.38 (DIR) 0 byte 17 days old -- Yamicsoft
05/08/2008 18.05.57 (DIR) 0 byte 14 days old -- Tall Emu
07/08/2008 22.56.26 (DIR) 0 byte 12 days old -- YouTube Downloader
07/08/2008 22.56.26 (DIR) 0 byte 12 days old -- Cookie Monster
08/08/2008 02.01.13 (DIR) 0 byte 11 days old -- DivX
08/08/2008 02.01.13 (DIR) 0 byte 11 days old -- WashAndGo
08/08/2008 03.17.53 (DIR) 0 byte 11 days old -- Wiki Process 1
09/08/2008 00.51.52 (DIR) 0 byte 10 days old -- Avira
09/08/2008 16.12.55 (DIR) 0 byte 10 days old -- Messenger
10/08/2008 05.07.24 (DIR) 0 byte 9 days old -- a-squared Free
10/08/2008 13.47.36 (DIR) 0 byte 9 days old -- SpywareBlaster
10/08/2008 14.03.02 (DIR) 0 byte 9 days old -- Creative
10/08/2008 14.15.02 (DIR) 0 byte 9 days old -- Windows Media Player
10/08/2008 15.22.41 (DIR) 0 byte 9 days old -- Smarty Uninstaller Pro
10/08/2008 15.24.34 (DIR) 0 byte 9 days old -- VS Revo Group
10/08/2008 16.40.53 (DIR) 0 byte 9 days old -- Avira GmbH
10/08/2008 16.40.53 (DIR) 0 byte 9 days old -- InstallShield Installation Information
10/08/2008 18.38.53 (DIR) 0 byte 9 days old -- Jetico
10/08/2008 20.30.45 (DIR) 0 byte 9 days old -- COMODO
10/08/2008 21.37.31 (DIR) 0 byte 9 days old -- ID Security Suite
11/08/2008 02.12.24 (DIR) 0 byte 8 days old -- Total Uninstall 4
11/08/2008 03.24.48 (DIR) 0 byte 8 days old -- ProcessGuard
11/08/2008 04.14.02 (DIR) 0 byte 8 days old -- Spyware Terminator
12/08/2008 07.41.16 (DIR) 0 byte 7 days old -- Internet Explorer
12/08/2008 07.49.52 (DIR) 0 byte 7 days old -- Registry Mechanic
13/08/2008 04.21.59 (DIR) 0 byte 6 days old -- WinRAR
14/08/2008 01.39.28 (DIR) 0 byte 5 days old -- File comuni
14/08/2008 01.41.26 (DIR) 0 byte 5 days old -- Adobe
14/08/2008 02.03.20 (DIR) 0 byte 5 days old -- Apple Software Update
14/08/2008 02.04.15 (DIR) 0 byte 5 days old -- QuickTime
17/08/2008 04.30.06 (DIR) 0 byte 2 days old -- WinClamAVShield
17/08/2008 15.27.34 (DIR) 0 byte 2 days old -- adunanza
18/08/2008 03.01.58 (DIR) 0 byte 1 days old -- FileASSASSIN
18/08/2008 03.38.50 (DIR) 0 byte 1 days old -- Oddswiz
----- recent files in C:\Programmi\File comuni\
23/06/2008 23.15.11 (DIR) 0 byte 57 days old -- ACD Systems
24/06/2008 15.39.46 (DIR) 0 byte 56 days old -- Microsoft Shared
25/06/2008 13.23.04 (DIR) 0 byte 55 days old -- System
02/07/2008 19.50.54 (DIR) 0 byte 48 days old -- Ahead
02/08/2008 23.20.02 (DIR) 0 byte 17 days old -- BitDefender
04/08/2008 20.39.13 (DIR) 0 byte 15 days old -- Softwin
14/08/2008 01.39.28 (DIR) 0 byte 5 days old -- Adobe Systems Shared
14/08/2008 01.41.03 (DIR) 0 byte 5 days old -- Adobe
16/08/2008 14.37.07 (DIR) 0 byte 3 days old -- Wise Installation Wizard
----- recent files in \
04/05/2008 11.46.14 268 byte 107 days old -- sqmdata00.sqm
04/05/2008 11.46.14 244 byte 107 days old -- sqmnoopt00.sqm
15/05/2008 14.15.29 268 byte 96 days old -- sqmdata01.sqm
15/05/2008 14.15.29 244 byte 96 days old -- sqmnoopt01.sqm
15/05/2008 18.35.42 268 byte 96 days old -- sqmdata02.sqm
15/05/2008 18.35.42 244 byte 96 days old -- sqmnoopt02.sqm
15/05/2008 22.02.34 244 byte 96 days old -- sqmnoopt03.sqm
15/05/2008 22.02.34 268 byte 96 days old -- sqmdata03.sqm
28/05/2008 21.35.46 211 byte 83 days old -- boot.ini
29/05/2008 02.04.37 9730 byte 82 days old -- idsuite_run.bat
23/06/2008 22.18.38 24652 byte 57 days old -- ASLog.txt
25/06/2008 13.21.15 251600 byte 55 days old -- ntldr
26/06/2008 05.30.08 (DIR) 0 byte 54 days old -- Plug-Ins
08/07/2008 18.04.01 (DIR) 0 byte 42 days old -- APSOWIN
21/07/2008 18.56.32 232 byte 29 days old -- sqmdata04.sqm
21/07/2008 18.56.32 244 byte 29 days old -- sqmnoopt04.sqm
21/07/2008 18.57.04 244 byte 29 days old -- sqmnoopt05.sqm
21/07/2008 18.57.04 232 byte 29 days old -- sqmdata05.sqm
21/07/2008 19.14.11 244 byte 29 days old -- sqmnoopt06.sqm
21/07/2008 19.14.11 232 byte 29 days old -- sqmdata06.sqm
21/07/2008 23.10.28 268 byte 29 days old -- sqmdata07.sqm
21/07/2008 23.10.28 244 byte 29 days old -- sqmnoopt07.sqm
22/07/2008 10.20.16 244 byte 28 days old -- sqmnoopt08.sqm
22/07/2008 10.20.16 268 byte 28 days old -- sqmdata08.sqm
22/07/2008 14.01.15 244 byte 28 days old -- sqmnoopt09.sqm
22/07/2008 14.01.15 268 byte 28 days old -- sqmdata09.sqm
22/07/2008 20.05.26 244 byte 28 days old -- sqmnoopt10.sqm
22/07/2008 20.05.26 268 byte 28 days old -- sqmdata10.sqm
22/07/2008 22.30.35 268 byte 28 days old -- sqmdata11.sqm
22/07/2008 22.30.35 244 byte 28 days old -- sqmnoopt11.sqm
23/07/2008 13.22.50 244 byte 27 days old -- sqmnoopt12.sqm
23/07/2008 13.22.50 268 byte 27 days old -- sqmdata12.sqm
23/07/2008 15.43.36 244 byte 27 days old -- sqmnoopt13.sqm
23/07/2008 15.43.36 268 byte 27 days old -- sqmdata13.sqm
23/07/2008 18.40.34 268 byte 27 days old -- sqmdata14.sqm
23/07/2008 18.40.34 244 byte 27 days old -- sqmnoopt14.sqm
28/07/2008 00.59.22 (DIR) 0 byte 22 days old -- NVIDIA
03/08/2008 12.37.37 (DIR) 0 byte 16 days old -- Program Files
07/08/2008 22.56.25 (DIR) 0 byte 12 days old -- 3gptemp
07/08/2008 23.14.24 1076 byte 12 days old -- SMax.log
09/08/2008 00.03.06 (DIR) 0 byte 10 days old -- Documents and Settings
09/08/2008 00.21.53 (DIR) 0 byte 10 days old -- VEXPLITE
11/08/2008 18.47.30 (DIR) 0 byte 8 days old -- System Volume Information
12/08/2008 07.35.56 (DIR) 0 byte 7 days old -- RECYCLER
12/08/2008 09.39.18 (DIR) 0 byte 7 days old -- WINSSLog
18/08/2008 03.01.55 (DIR) 0 byte 1 days old -- Programmi
18/08/2008 03.11.52 (DIR) 0 byte 1 days old -- WINDOWS
19/08/2008 00.18.23 (DIR)-2147483648 byte 0 days old -- pagefile.sys
----- recent files in C:\WINDOWS\TEMP\
19/08/2008 03.40.41 (DIR) 0 byte 0 days old -- nsk9.tmp
19/08/2008 03.41.00 16384 byte 0 days old -- ~DFE0EB.tmp
19/08/2008 03.41.00 52 byte 0 days old -- systemscan.ini
===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found
===================== REGISTRY SCAN =====================
 
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"SunJavaUpdateSched"=\"C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe\"
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"JeticoPFStartup"="\"C:\Programmi\Jetico\Jetico Personal Firewall\jpf.exe\"
"SpywareTerminator"="\"C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe\"
"QuickTime Task"="\"C:\Programmi\QuickTime\qttask.exe\" -atboottime"
[Run\AutorunsDisabled]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
[Run\Disabled]
"DiskeeperSystray"="\"C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe\"
[Run\OptionalComponents]
@="
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@="
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@="
[Run\OptionalComponents\MSFS]
"Installed"="1"
@="
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"="
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
[ShellExecuteHooks\AutorunsDisabled]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"="
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"="
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personalizzazione Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\WgaLogon]
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1\00@"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[Runonce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
[MSConfig]
[MSConfig\services]
[MSConfig\startupfolder]
[MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Controller.LNK]
"location"="Common Startup"
"item"="Controller"
[MSConfig\startupfolder\C:^Documents and Settings^Sawadee^Menu Avvio^Programmi^Esecuzione automatica^PrevxCSI.lnk]
"location"="Startup"
"item"="PrevxCSI"
[MSConfig\startupreg]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="
"hkey"="HKCU"
"command"="
"inimapping"="0"
[MSConfig\startupreg\"C:]
[MSConfig\startupreg\"C:\Programmi]
[MSConfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="apdproxy"
"hkey"="HKLM"
"inimapping"="0"
[MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe\"
"inimapping"="0"
[MSConfig\startupreg\C:]
[MSConfig\startupreg\C:\Salvataggio]
[MSConfig\startupreg\C:\Salvataggio\WINDOWS]
[MSConfig\startupreg\C:\Salvataggio\WINDOWS\system32]
[MSConfig\startupreg\C:\Salvataggio\WINDOWS\system32\nwiz.exe /install]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[MSConfig\startupreg\Camfrog]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Camfrog Video Chat"
"hkey"="HKCU"
"command"="\"C:\Programmi\Camfrog\Camfrog Video Chat\CamfrogNet.exe\" 0 C:\Programmi\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"
"inimapping"="0"
[MSConfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="CamTray"
"hkey"="HKCU"
"command"="\"C:\Programmi\Creative\Shared Files\CamTray.exe\"
"inimapping"="0"
[MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\WINDOWS\system32\ctfmon.exe"
"inimapping"="0"
[MSConfig\startupreg\Evidence Eliminator]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ee"
"hkey"="HKCU"
"inimapping"="0"
[MSConfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\Programmi\Microsoft ActiveSync\wcescomm.exe\"
"inimapping"="0"
[MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\Programmi\iTunes\iTunesHelper.exe\"
"inimapping"="0"
[MSConfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\system32\dumprep 0 -k"
"inimapping"="0"
[MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"
[MSConfig\startupreg\Orb]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="OrbTray"
"hkey"="HKCU"
"inimapping"="0"
[MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
[MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\Programmi\File comuni\Real\Update_OB\realsched.exe\" -osboot"
"inimapping"="0"
[MSConfig\startupreg\WebCamRT.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="
"hkey"="HKCU"
"command"="
"inimapping"="0"
[MSConfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe\" -quiet"
"inimapping"="0"
[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002
-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="logon.scr"
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
//"DefaultPrefix"="http://"
[URL\DefaultPrefix]
@="http://"
"DefaultPrefix"="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows%20NT%20Access%20Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="[URL]http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00007676
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DisableNotifications"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programmi\iTunes\iTunes.exe"="C:\Programmi\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Programmi\Yahoo!\Messenger\YServer.exe"="C:\Programmi\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"="C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmi\Microsoft ActiveSync\wcescomm.exe"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Programmi\adunanza\Emule.exe.exe"="C:\Programmi\adunanza\Emule.exe.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"4662:TCP"="4662:TCP:*:Disabled:eMule_TCP"
"4672:UDP"="4672:UDP:*:Disabled:eMule_UDP"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"135:TCP"="135:TCP:*:Enabled:DCOM(135)"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableRemoteConnect"="Y"
"EnableDCOM"="N"
"EnableDCOMHTTP"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"="
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
"AUOptions"=dword:00000004
"AutoInstallMinorUpdates"=dword:00000001
"NoAutoUpdate"=dword:00000000
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"DisableSR"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{03D4488E-0F6E-497B-BECA-93F368FA8089}"
[SystemRestore\SnapshotCallbacks]
@="
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.6.0_06\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"="
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"="
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accesso sito MSN"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"="
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"
[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"
[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"
[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Guida HTML"
"ComponentID"="HTMLHelp"
[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} LeaseObtainedTime REG_DWORD 1204034269 (0x47C41ADD)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} LeaseObtainedTime REG_DWORD 1204035864 (0x47C42118)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} T1 REG_DWORD 1204036069 (0x47C421E5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} T1 REG_DWORD 1204037664 (0x47C42820)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} T2 REG_DWORD 1204037419 (0x47C4272B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} T2 REG_DWORD 1204039014 (0x47C42D66)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} LeaseTerminatesTime REG_DWORD 1204037869 (0x47C428ED)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} LeaseTerminatesTime REG_DWORD 1204039464 (0x47C42F28)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} DhcpRetryTime REG_DWORD 1800 (0x708)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF} DhcpRetryStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1204034269 (0x47C41ADD)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1204035864 (0x47C42118)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip T1 REG_DWORD 1204036069 (0x47C421E5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip T1 REG_DWORD 1204037664 (0x47C42820)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip T2 REG_DWORD 1204037419 (0x47C4272B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip T2 REG_DWORD 1204039014 (0x47C42D66)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1204037869 (0x47C428ED)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1204039464 (0x47C42F28)
Result compared: Different
 
-----Comparing registry keys CCS1 vs CCS3 -----
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sptd\Cfg
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV Start REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SSDPSRV Start REG_DWORD 4 (0x4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV Type REG_DWORD 32 (0x20)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV DisplayName REG_SZ Servizio di rilevamento SSDP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV DependOnService REG_MULTI_SZ HTTP\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV DependOnGroup REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV ObjectName REG_SZ NT AUTHORITY\LocalService
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV Description REG_SZ Consente di rilevare le periferiche UPnP nella rete domestica.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SSDPSRV\Security
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\symc8xx
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sym_u3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Linkage Bind REG_MULTI_SZ \Device\{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}\0\Device\{8A2E71BD-202A-4562-8000-8B451D6CB694}\0\Device\{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\0\Device\NdisWanIp\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Linkage Bind REG_MULTI_SZ \Device\{0C2FD326-EFCB-4547-9CAB-337ACFA181CF}\0\Device\{6A1A37F3-DF80-4D76-9FC4-D57F05E4705A}\0\Device\{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}\0\Device\NdisWanIp\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Linkage Route REG_MULTI_SZ "{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}"\0"{8A2E71BD-202A-4562-8000-8B451D6CB694}"\0"{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}"\0"NdisWanIp"\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Linkage Route REG_MULTI_SZ "{0C2FD326-EFCB-4547-9CAB-337ACFA181CF}"\0"{6A1A37F3-DF80-4D76-9FC4-D57F05E4705A}"\0"{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}"\0"NdisWanIp"\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Linkage Export REG_MULTI_SZ \Device\Tcpip_{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}\0\Device\Tcpip_{8A2E71BD-202A-4562-8000-8B451D6CB694}\0\Device\Tcpip_{3FB2CE0B-0DF8-4FAF-A366-B666274353EF}\0\Device\Tcpip_{8B4BBB80-FEFF-4BDD-BE33-3497F94FA8F6}\0\Device\Tcpip_{EE9F0974-923C-4ADE-ADE4-6EF91695CD60}\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Linkage Export REG_MULTI_SZ \Device\Tcpip_{0C2FD326-EFCB-4547-9CAB-337ACFA181CF}\0\Device\Tcpip_{6A1A37F3-DF80-4D76-9FC4-D57F05E4705A}\0\Device\Tcpip_{B1F1CC22-26DF-44C5-BE55-32A51D05CEEB}\0\Device\Tcpip_{8B4BBB80-FEFF-4BDD-BE33-3497F94FA8F6}\0\Device\Tcpip_{EE9F0974-923C-4ADE-ADE4-6EF91695CD60}\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters EnableICMPRedirect REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\s

Ninfea

Hi, download Malwarebytes' Anti-Malware and run a scan, then clean the system registry with CCleaner.