Olimpo Informatico forum index
The Zeus News Forums
modzhysv.exe in system32
Forum index -> Virus First Aid
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 24 Apr 2007 18:41    Subject: modzhysv.exe in system32

I have a program that runs automatically at startup and is 99.9% a virus, but I can't remove it with the Antivir antivirus (to be honest I have only tried scanning in normal mode, not safe mode, and it tells me it can't analyse it...)

If I try to right-click the file in question, which sits in c:\windows\system32,

it takes about 30 seconds and then doesn't open the usual menu it shows for other files.

I searched the web and nothing is known about this file... it's probably a random name generated by the virus.

How can I remove it?

Thanks a lot

I repeat, the name is: modzhysv.exe
Cybion (Mature god; registered 11/03/07 14:27; posts: 1731; location: wanderer with no fixed abode)
Posted: 24 Apr 2007 19:03

Hi, first of all post a HijackThis log here: if you don't already have the program, you can download it from here

Extract the contents of the zip file into a permanent folder, not a temporary folder or the desktop, because the program creates a backup folder for the keys it deletes; if it were installed in a temporary folder it could not do so, or the backups would risk being deleted!!!

Then proceed as follows:
1. Close all open applications
2. Start HiJackThis
3. Click DO A SYSTEM SCAN AND SAVE LOGFILE
4. Wait for the scan to finish and for a Notepad window to open automatically (that is the logfile)
5. Copy ALL of the logfile's contents.
6. Paste the log you obtained below here
dasio78 (Mature god; registered 22/06/06 22:05; posts: 6282)
Posted: 25 Apr 2007 12:07

Have you tried a scan with an online antivirus like these??

Or, try having the file scanned by Virustotal... You upload the file straight from your computer and then post the result.
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 25 Apr 2007 13:43

The scan on that single file doesn't work.... do I need to zip it, by any chance?

As soon as I have 2 free minutes I'll run the HijackThis scan and post the log
Cybion (Mature god; registered 11/03/07 14:27; posts: 1731; location: wanderer with no fixed abode)
Posted: 25 Apr 2007 17:41

No, you don't need to zip it.

On Virustotal you have to give the exact path of the file, using the Browse button that appears on the linked page.
holifay (Mature god; registered 08/03/05 09:48; posts: 2912; location: Milano)
Posted: 25 Apr 2007 20:59

if it is running, it will most likely let itself be neither copied nor zipped, and therefore not uploaded to Virustotal either
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 02 May 2007 11:55

I ran a full scan with Kaspersky and it found no infected objects... but I already found it in the list... and it didn't check it :(


Scan Statistics
Total number of scanned objects 118125
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:21:17

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Laerzio\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Laerzio\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Laerzio\Impostazioni locali\Cronologia\History.IE5\MSHist012007050220070503\index.dat Object is locked skipped

C:\Documents and Settings\Laerzio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Laerzio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Laerzio\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Laerzio\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Laerzio\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Injection\injection_log.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\modzhysv.exe Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Tasks\afh.job Object is locked skipped

C:\WINDOWS\Tasks\begd.job Object is locked skipped

C:\WINDOWS\Tasks\ojpal.job Object is locked skipped

C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\WINDOWS\Tasks\xhpd.job Object is locked skipped

C:\WINDOWS\Tasks\xrly.job Object is locked skipped

C:\WINDOWS\Tasks\zeulyn.job Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\EA Games\Ultima Online Mondain's Legacy\Desktop\laerzio\[M4D]VenuS\Dink la Iena\uo.cfg Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
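The scan above says "0 infected objects", but the file in question is among the "Object is locked skipped" entries, so it was never examined. Most of those locked objects are things Windows XP keeps open while it runs (registry hives, event logs, index.dat files, the WMI repository), and a scanner skipping them means nothing; the handful that are not on that list are what an analyst should look at. The script below is an added example, not part of the thread; it parses a constructed subset of the report above in the same layout and returns a review queue with code-carrying files (.exe, .dll, .sys, .job) first. The list of "expected locked" paths is an assumption I chose for XP, not anything Kaspersky publishes.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the "Object is locked skipped" lines from the
# scan report above, plus the statistics header, in the same layout.
SAMPLE_REPORT = r"""Scan Statistics
Total number of scanned objects 118125
Number of viruses found 0
Number of infected objects 0 / 0

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Laerzio\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Laerzio\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\modzhysv.exe Object is locked skipped
C:\WINDOWS\Tasks\afh.job Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Injection\injection_log.txt Object is locked skipped
Scan process completed."""

LOCKED_SUFFIX = " Object is locked skipped"

# Objects Windows XP itself holds open while running (assumed list, chosen for
# this example): a scanner skipping these is normal and says nothing about infection.
EXPECTED_LOCKED = [
    r"\\NTUSER\.DAT(\.LOG)?$",
    r"\\UsrClass\.dat(\.LOG)?$",
    r"\\index\.dat$",
    r"\\WINDOWS\\system32\\config\\",
    r"\\WINDOWS\\system32\\wbem\\Repository\\",
    r"\\System Volume Information\\",
    r"\\Microsoft\\Network\\Downloader\\qmgr\d\.dat$",
    r"\\Tasks\\SCHEDLGU\.TXT$",
    r"\.log$",
]
EXPECTED_LOCKED_RE = [re.compile(p, re.I) for p in EXPECTED_LOCKED]

# Extensions that can carry code or schedule it: a locked file of this kind that
# is not on the expected list is the first thing to look at.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".job", ".scr", ".com")


@dataclass
class LockedObject:
    path: str
    expected: bool
    executable: bool


def scanned_count(report: str) -> int:
    """Number of objects the scanner reports having examined."""
    m = re.search(r"^Total number of scanned objects\s+(\d+)$", report, re.M)
    return int(m.group(1)) if m else 0


def parse_locked(report: str) -> list[LockedObject]:
    """Return every object the scanner skipped because it was locked."""
    out = []
    for line in report.splitlines():
        line = line.strip()
        if not line.endswith(LOCKED_SUFFIX):
            continue
        path = line[: -len(LOCKED_SUFFIX)]
        expected = any(rx.search(path) for rx in EXPECTED_LOCKED_RE)
        executable = path.lower().endswith(EXECUTABLE_EXT)
        out.append(LockedObject(path, expected, executable))
    return out


def review_queue(report: str) -> list[str]:
    """Locked objects worth a manual look, code-carrying files first."""
    unexpected = [o for o in parse_locked(report) if not o.expected]
    unexpected.sort(key=lambda o: (not o.executable, o.path.lower()))
    return [o.path for o in unexpected]


if __name__ == "__main__":
    print(f"scanned: {scanned_count(SAMPLE_REPORT)}, locked: {len(parse_locked(SAMPLE_REPORT))}")
    for path in review_queue(SAMPLE_REPORT):
        print("REVIEW:", path)
```

Run against the constructed sample, the queue comes back with sptd.sys, modzhysv.exe and afh.job ahead of the stray text file; a legitimate driver such as sptd.sys lands there too, which is the intended behaviour: the queue is a list to verify, not a verdict.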
Orange (Mature god; registered 18/02/07 12:20; posts: 2224; location: Roma)
Posted: 02 May 2007 13:53

try Unlocker
holifay (Mature god; registered 08/03/05 09:48; posts: 2912; location: Milano)
Posted: 02 May 2007 15:47

I'd like to see where it is loaded from. Please download systemscan and run it

If your antivirus flags systemscan as dangerous, disable it temporarily.

Press SCAN NOW and wait several minutes for the log, which will open automatically. A copy will be saved as report.txt and as a zip file in the folder c:\suspectfile.

Once you have the report, go here http://www.sendmefile.com/
click BROWSE, select the file and upload it. Then paste the link here so the file can be analysed.
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 02 May 2007 23:33

I can't understand why it won't let me download it :| it says I have the popup blocker on... but it's off :|
holifay (Mature god; registered 08/03/05 09:48; posts: 2912; location: Milano)
Posted: 02 May 2007 23:35

Does the site display normally?

Try clicking the link while holding down the CTRL key
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 02 May 2007 23:43

great holy... you're crazy ^^ I'll do everything now, hang on
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 02 May 2007 23:48

but it takes quite a while, doesn't it?

I'm at the second step... duplicates in BAK folder, and it's taking quite a while....
holifay (Mature god; registered 08/03/05 09:48; posts: 2912; location: Milano)
Posted: 03 May 2007 00:00

if you have a lot of files it can take even 20-30 minutes to complete the log.
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 03 May 2007 01:19

OK, DONE EVERYTHING IN SAFE MODE!

I hope you'll be able to help me!

HijackThis first

Logfile of HijackThis v1.99.1
Scan saved at 2.12.48, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe
C:\Documents and Settings\Laerzio\Documenti\UTILITY CONTRO I VIRUS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [xzfyia.exe] C:\WINDOWS\TEMP\xzfyia.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04DBCE39-192A-40C7-92C3-5E5D50408C80}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B893656-0DC2-43D0-8D0F-99F178FFF96B}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{04DBCE39-192A-40C7-92C3-5E5D50408C80}: NameServer = 192.168.2.1,192.168.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{04DBCE39-192A-40C7-92C3-5E5D50408C80}: NameServer = 192.168.2.1,192.168.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Alias ImageStudio Render Queue (renderqueue) - Unknown owner - C:\Programmi\Alias\ImageStudio3.0\bin\renderqueue.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 03 May 2007 01:19

and this is the report from the system scan program

http://www.sendmefile.com/00528471
bdoriano (Administrator; registered 02/04/07 11:05; posts: 14300; location: 3rd planet of the solar system...)
Posted: 03 May 2007 08:40

While we wait for holifay to step in, let's see if we can limit what your little guests are up to.
Dink the Boss wrote:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [xzfyia.exe] C:\WINDOWS\TEMP\xzfyia.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Everything above is stuff to remove.

This, below, is an active trace of your guest:
Dink the Boss wrote:
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe


Download avenger to the desktop and extract the executable avenger.exe

Then follow this guide on how to use it http://forum.zeusnews.com/link/14931.

But use the following list:

Files to delete:
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\ybotirbrvk.exe
C:\WINDOWS\TEMP\xzfyia.exe
C:\WINDOWS\Tasks\afh.job
C:\WINDOWS\Tasks\xhpd.job
C:\WINDOWS\Tasks\xrly.job
C:\WINDOWS\Tasks\ojpal.job
C:\WINDOWS\Tasks\begd.job
C:\WINDOWS\Tasks\zeulyn.job
C:\WINDOWS\Tasks\zvnn.job
C:\WINDOWS\Tasks\zgjnqg.job
C:\WINDOWS\Tasks\zzoe.job
C:\WINDOWS\Tasks\uakmwh.job
C:\WINDOWS\Tasks\fwqvvbfm.job
C:\WINDOWS\Tasks\cmqqsd.job
C:\WINDOWS\Tasks\mfq.job
C:\WINDOWS\Tasks\apblk.job
C:\WINDOWS\Tasks\sebod.job
C:\WINDOWS\SYSTEM32\CPWIUY.DLL
C:\WINDOWS\SYSTEM32\ECESQ.DLL
C:\WINDOWS\SYSTEM32\T3ODM.DLL
C:\WINDOWS\SYSTEM32\T5RDV.DLL

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xzfyia.exe

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF99BD32-C1FB-11D2-892F-0090271D4F88}


Follow the instructions; it will ask you to reboot twice, accept.

when done, post:
- the contents of the file avenger.txt
- a new systemscan log
- a GMER (rootkit) log

let's see if we can get somewhere.

While you're at it, also delete the temporary files with CCleaner
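The entries bdoriano picked out of the HijackThis log above were chosen by hand with a few simple rules: a BHO or toolbar registration whose file no longer exists ("(no file)"), a Run-key autostart pointing into a TEMP directory, a running process image inside a Temp folder, and an IE button whose target is "(file missing)". The script below is an added example, not part of the thread nor HijackThis's own code, that applies exactly those rules to a constructed sample in HijackThis v1.99 log layout, so that the same first-pass triage can be repeated on any log posted as Cybion asked earlier. The section tags (O2, O3, O4, O9) and the "Running processes:" header are the real HijackThis layout; the reason strings are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 log layout, modelled on the log posted
# above (a handful of its lines, not the whole log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [xzfyia.exe] C:\WINDOWS\TEMP\xzfyia.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - ", "R1 - " and so on: the tag HijackThis puts in front of each entry.
SECTION_RE = re.compile(r"^(R\d|O\d+) - ")
# A backslash-delimited Temp/TEMP/tmp directory anywhere in a path.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.I)


@dataclass
class Finding:
    section: str   # "process" or the HijackThis section tag, e.g. "O4"
    line: str
    reason: str


def triage_hijackthis(log_text: str) -> list[Finding]:
    """Apply the hand rules from the thread to every line of a HijackThis log."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if TEMP_DIR_RE.search(line):
                findings.append(Finding("process", line,
                                        "process image running from a temporary directory"))
            continue
        m = SECTION_RE.match(line)
        if not m:
            continue                      # header lines such as "Platform:"
        tag = m.group(1)
        if tag in ("O2", "O3") and line.endswith("(no file)"):
            findings.append(Finding(tag, line,
                                    "BHO/toolbar registration whose file no longer exists (orphaned)"))
        elif tag == "O4" and TEMP_DIR_RE.search(line):
            findings.append(Finding(tag, line,
                                    "autostart (Run key) pointing into a temporary directory"))
        elif tag == "O9" and line.endswith("(file missing)"):
            findings.append(Finding(tag, line,
                                    "IE extra button/menu item whose target file is missing"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section so a long log can be skimmed at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage_hijackthis(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summary(found))
```

On the constructed sample this yields five findings, the same five items bdoriano quoted (the Temp process, the two orphaned registrations, the TEMP Run entry and the missing-file O9 pair collapse to one O9 line here). Entries that pass these rules are not thereby clean; the rules only reproduce the first look an experienced helper takes.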
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 03 May 2007 13:41

First of all, thank you ^^

I've done the first steps and I can already tell you that the file modzhysv.exe in system32
is no longer loaded into memory at startup (or at least I don't see it in Task Manager any more....)

But it is still in the system32 folder. I noticed you didn't have me delete it with avenger.... right?

Here, this is the avenger log... I think HijackThis already did something

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\isvrwdoq

*******************

Script file located at: \??\C:\rhwkrpdi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe for deletion
Deletion of file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe failed!

Could not process line:
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe
Status: 0xc000003a



Could not open file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\ybotirbrvk.exe for deletion
Deletion of file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\ybotirbrvk.exe failed!

Could not process line:
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\ybotirbrvk.exe
Status: 0xc000003a



File C:\WINDOWS\TEMP\xzfyia.exe not found!
Deletion of file C:\WINDOWS\TEMP\xzfyia.exe failed!

Could not process line:
C:\WINDOWS\TEMP\xzfyia.exe
Status: 0xc0000034



File C:\WINDOWS\Tasks\afh.job not found!
Deletion of file C:\WINDOWS\Tasks\afh.job failed!

Could not process line:
C:\WINDOWS\Tasks\afh.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\xhpd.job not found!
Deletion of file C:\WINDOWS\Tasks\xhpd.job failed!

Could not process line:
C:\WINDOWS\Tasks\xhpd.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\xrly.job not found!
Deletion of file C:\WINDOWS\Tasks\xrly.job failed!

Could not process line:
C:\WINDOWS\Tasks\xrly.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\ojpal.job not found!
Deletion of file C:\WINDOWS\Tasks\ojpal.job failed!

Could not process line:
C:\WINDOWS\Tasks\ojpal.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\begd.job not found!
Deletion of file C:\WINDOWS\Tasks\begd.job failed!

Could not process line:
C:\WINDOWS\Tasks\begd.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\zeulyn.job not found!
Deletion of file C:\WINDOWS\Tasks\zeulyn.job failed!

Could not process line:
C:\WINDOWS\Tasks\zeulyn.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\zvnn.job not found!
Deletion of file C:\WINDOWS\Tasks\zvnn.job failed!

Could not process line:
C:\WINDOWS\Tasks\zvnn.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\zgjnqg.job not found!
Deletion of file C:\WINDOWS\Tasks\zgjnqg.job failed!

Could not process line:
C:\WINDOWS\Tasks\zgjnqg.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\zzoe.job not found!
Deletion of file C:\WINDOWS\Tasks\zzoe.job failed!

Could not process line:
C:\WINDOWS\Tasks\zzoe.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\uakmwh.job not found!
Deletion of file C:\WINDOWS\Tasks\uakmwh.job failed!

Could not process line:
C:\WINDOWS\Tasks\uakmwh.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\fwqvvbfm.job not found!
Deletion of file C:\WINDOWS\Tasks\fwqvvbfm.job failed!

Could not process line:
C:\WINDOWS\Tasks\fwqvvbfm.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\cmqqsd.job not found!
Deletion of file C:\WINDOWS\Tasks\cmqqsd.job failed!

Could not process line:
C:\WINDOWS\Tasks\cmqqsd.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\mfq.job not found!
Deletion of file C:\WINDOWS\Tasks\mfq.job failed!

Could not process line:
C:\WINDOWS\Tasks\mfq.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\apblk.job not found!
Deletion of file C:\WINDOWS\Tasks\apblk.job failed!

Could not process line:
C:\WINDOWS\Tasks\apblk.job
Status: 0xc0000034



File C:\WINDOWS\Tasks\sebod.job not found!
Deletion of file C:\WINDOWS\Tasks\sebod.job failed!

Could not process line:
C:\WINDOWS\Tasks\sebod.job
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\CPWIUY.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\CPWIUY.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\CPWIUY.DLL
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\ECESQ.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\ECESQ.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\ECESQ.DLL
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\T3ODM.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\T3ODM.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\T3ODM.DLL
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\T5RDV.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\T5RDV.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\T5RDV.DLL
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xzfyia.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xzfyia.exe failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF99BD32-C1FB-11D2-892F-0090271D4F88} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
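Every deletion in the Avenger log above "failed", yet the two status codes it reports both mean the object was not there when Avenger ran: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the file or key itself is missing) and 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND (a parent directory, here the nsu6.tmp folder, is already gone). That matches the poster's observation that the process no longer starts. The script below is an added example, not part of the thread nor Avenger's own code; it pairs each "Deletion of ... failed!" line with the Status line that follows it and reports whether the target was already absent or is still present but could not be removed. The constructed sample reuses three blocks in the layout of the log above.

```python
import re
from dataclasses import dataclass

# Two NTSTATUS codes that appear in the log above. Both mean "nothing to delete":
# the object named in the script was not there when Avenger ran.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # last path component missing
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a parent directory is missing
}
ALREADY_ABSENT = set(NTSTATUS_NAMES)

FAILED_RE = re.compile(r"^Deletion of (file|registry value|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")

# Constructed sample: three failure blocks in the layout of the log above.
SAMPLE_AVENGER_LOG = r"""Beginning to process script file:

Could not open file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe for deletion
Deletion of file C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe failed!

Could not process line:
C:\DOCUME~1\Laerzio\IMPOST~1\Temp\nsu6.tmp\vomphrbp.exe
Status: 0xc000003a

File C:\WINDOWS\TEMP\xzfyia.exe not found!
Deletion of file C:\WINDOWS\TEMP\xzfyia.exe failed!

Could not process line:
C:\WINDOWS\TEMP\xzfyia.exe
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xzfyia.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xzfyia.exe failed!
Status: 0xc0000034

Completed script processing."""


@dataclass
class Failure:
    kind: str      # "file", "registry value" or "registry key"
    target: str
    status: int

    @property
    def status_name(self) -> str:
        return NTSTATUS_NAMES.get(self.status, "unknown NTSTATUS")

    @property
    def already_absent(self) -> bool:
        """True when the failure only says the object was not there to delete."""
        return self.status in ALREADY_ABSENT


def parse_failures(log: str) -> list[Failure]:
    """Pair each 'Deletion of ... failed!' line with the Status line that follows it."""
    out: list[Failure] = []
    pending = None
    for line in log.splitlines():
        line = line.strip()
        m = FAILED_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            out.append(Failure(pending[0], pending[1], int(m.group(1), 16)))
            pending = None
    return out


def summarize(log: str) -> dict[str, int]:
    """Count failures by outcome: 'absent' (nothing left to delete) vs 'blocked'."""
    counts = {"absent": 0, "blocked": 0}
    for f in parse_failures(log):
        counts["absent" if f.already_absent else "blocked"] += 1
    return counts


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_AVENGER_LOG):
        verdict = "already absent" if f.already_absent else "still present, removal blocked"
        print(f"{f.kind}: {f.target}\n    {f.status_name}: {verdict}")
    print(summarize(SAMPLE_AVENGER_LOG))
```

A "blocked" count above zero is the case that needs follow-up (a file held open by a running process or protected by a driver); an all-"absent" result, as in the thread, means the script targets were gone before Avenger ran and the remaining question is what else is still on disk.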
Dink the Boss (Hero in the grace of the gods; registered 03/07/06 09:33; posts: 136)
Posted: 03 May 2007 14:04

SystemScan - www.suspectfile.com - ver. 3.0.1

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)

Date: 03/05/2007
Time: 14.47.08

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log

-------------Users folders -------------

27/11/2006 00.41.06 (DIR) -H-- 0157 days old -- Default User
13/01/2007 18.44.51 (DIR) ---- 0110 days old -- All Users
17/03/2007 15.23.47 (DIR) -HS- 0047 days old -- LocalService
17/03/2007 15.23.56 (DIR) ---- 0047 days old -- Administrator
24/04/2007 14.59.07 (DIR) -HS- 0009 days old -- NetworkService
03/05/2007 14.43.28 (DIR) ---- 0000 days old -- Laerzio

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Laerzio
| SUPPORT_388945a0 (Disabled)
| SUPPORT_cbf0f968 (Disabled)

-------------Recent files (60 days old)-------------

------------- Showing files newer than 60 days in C:\

07/03/2007 03.01.05 (DIR) ---- 0057 days old -- Update
24/03/2007 20.18.16 (DIR) ---- 0040 days old -- epson
26/03/2007 16.11.09 (DIR) ---- 0038 days old -- NVIDIA
20/04/2007 22.45.31 (DIR) ---- 0013 days old -- Program Files
24/04/2007 15.20.01 (DIR) ---R 0009 days old -- Programmi
24/04/2007 19.31.23 -HSR 0009 days old -- boot.ini
26/04/2007 16.59.41 (DIR) ---- 0007 days old -- gfactory
26/04/2007 21.43.32 (DIR) ---- 0007 days old -- Injection
03/05/2007 14.17.26 A--- 0000 days old -- drwtsn32.log
03/05/2007 14.32.40 A--- 0000 days old -- avenger.txt
03/05/2007 14.33.29 (DIR) ---- 0000 days old -- WINDOWS
03/05/2007 14.33.38 (DIR) ---- 0000 days old -- avenger
03/05/2007 14.44.30 (DIR) ---- 0000 days old -- pagefile.sys
03/05/2007 14.47.08 (DIR) ---- 0000 days old -- suspectfile

------------- Showing files newer than 60 days in C:\WINDOWS\

17/03/2007 19.14.07 (DIR) ---- 0047 days old -- NV22083768.TMP
20/03/2007 00.46.31 (DIR) ---- 0044 days old -- Resources
20/03/2007 00.46.43 A--- 0044 days old -- RestoreFlyakiteOSX.txt
20/03/2007 00.47.53 (DIR) ---- 0044 days old -- srchasst
20/03/2007 00.49.24 (DIR) -H-- 0044 days old -- FlyakiteOSX
24/03/2007 15.31.41 A--- 0040 days old -- gfscore.ini
25/03/2007 00.37.38 ---- 0039 days old -- Setup1.exe
26/03/2007 17.47.28 (DIR) ---- 0038 days old -- Help
26/03/2007 17.48.34 (DIR) ---- 0038 days old -- nview
27/03/2007 15.42.59 (DIR) ---- 0037 days old -- WinSxS
27/03/2007 16.42.28 (DIR) ---- 0037 days old -- Microsoft.NET
27/03/2007 16.42.28 (DIR) --SR 0037 days old -- assembly
03/04/2007 15.27.14 (DIR) --SR 0030 days old -- Fonts
03/04/2007 19.21.40 (DIR) ---- 0030 days old -- pss
08/04/2007 23.33.23 AH-- 0025 days old -- QTFont.qfn
11/04/2007 19.12.39 (DIR) ---- 0022 days old -- RegisteredPackages
11/04/2007 19.12.54 (DIR) -HS- 0022 days old -- Installer
17/04/2007 03.32.17 A--- 0016 days old -- d3dx.dat
24/04/2007 14.59.05 (DIR) ---- 0009 days old -- system
24/04/2007 19.31.23 A--- 0009 days old -- win.ini
24/04/2007 19.31.23 A--- 0009 days old -- system.ini
26/04/2007 19.44.30 A--- 0007 days old -- gcspro30.ini
29/04/2007 18.07.35 A--- 0004 days old -- gfact.ini
02/05/2007 00.33.51 (DIR) -H-- 0001 days old -- inf
02/05/2007 00.33.53 (DIR) --S- 0001 days old -- Downloaded Program Files
02/05/2007 02.07.46 A--- 0001 days old -- ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
03/05/2007 13.46.31 A--- 0000 days old -- NeroDigital.ini
03/05/2007 14.17.47 (DIR) --S- 0000 days old -- Tasks
03/05/2007 14.26.12 (DIR) ---- 0000 days old -- Minidump
03/05/2007 14.33.04 (DIR) ---- 0000 days old -- Prefetch
03/05/2007 14.33.16 A--- 0000 days old -- Sti_Trace.log
03/05/2007 14.33.18 A--- 0000 days old -- wiaservc.log
03/05/2007 14.33.18 (DIR) ---- 0000 days old -- system32
03/05/2007 14.33.29 A--- 0000 days old -- 0.log
03/05/2007 14.33.47 (DIR) ---- 0000 days old -- Temp
03/05/2007 14.43.37 A--- 0000 days old -- wiadebug.log
03/05/2007 14.43.38 A--- 0000 days old -- WindowsUpdate.log
03/05/2007 14.45.09 A-S- 0000 days old -- bootstat.dat
03/05/2007 14.45.19 A--- 0000 days old -- ntbtlog.txt

------------- Showing files newer than 60 days in C:\WINDOWS\Downloaded Program Files\


------------- Showing files newer than 60 days in C:\WINDOWS\system\


------------- Showing files newer than 60 days in C:\WINDOWS\system32\

08/03/2007 01.51.00 ---- 0056 days old -- pxcpya64.exe
08/03/2007 01.51.00 ---- 0056 days old -- pxdrv.dll
08/03/2007 01.51.00 ---- 0056 days old -- Px.dll
08/03/2007 01.51.00 ---- 0056 days old -- pxafs.dll
08/03/2007 01.51.00 ---- 0056 days old -- pxhpinst.exe
08/03/2007 01.51.00 ---- 0056 days old -- PxSFS.DLL
08/03/2007 01.51.00 ---- 0056 days old -- PxWave.dll
08/03/2007 01.51.00 ---- 0056 days old -- pxinsa64.exe
08/03/2007 01.51.00 ---- 0056 days old -- PxMas.dll
08/03/2007 01.51.00 ---- 0056 days old -- vxblock.dll
12/03/2007 16.17.47 A--- 0052 days old -- ROAAB4.tmp
12/03/2007 16.18.38 AH-- 0052 days old -- ROAAB7.tmp.LOG
12/03/2007 16.18.38 AH-- 0052 days old -- ROAABC.tmp.LOG
12/03/2007 16.18.38 AH-- 0052 days old -- ROAAB4.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAAC7.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAADF.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAADC.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAAD4.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAABF.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAAD7.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAAC4.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAACC.tmp.LOG
12/03/2007 16.18.39 AH-- 0052 days old -- ROAACF.tmp.LOG
12/03/2007 16.18.45 A--- 0052 days old -- ROAADF.bac
12/03/2007 16.18.45 A--- 0052 days old -- ROAADC.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAAD4.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAAB7.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAAC4.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAACC.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAABF.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAABC.bac
12/03/2007 16.18.49 A--- 0052 days old -- ROAAC7.bac
17/03/2007 15.28.30 (DIR) ---- 0047 days old -- config
19/03/2007 17.12.18 A--- 0045 days old -- CmdLineExt.dll
20/03/2007 00.44.41 A--- 0044 days old -- uxtheme.dll
20/03/2007 00.46.27 A--- 0044 days old -- ntkrnlpa.exe
20/03/2007 00.46.28 A--- 0044 days old -- ntoskrnl.exe
20/03/2007 00.47.53 (DIR) ---- 0044 days old -- usmt
20/03/2007 00.47.54 (DIR) ---- 0044 days old -- Restore
20/03/2007 22.01.41 (DIR) ---- 0044 days old -- DRVSTORE
24/03/2007 20.20.22 (DIR) ---- 0040 days old -- CatRoot
26/03/2007 17.43.04 (DIR) ---- 0038 days old -- ReinstallBackups
27/03/2007 18.51.50 (DIR) ---- 0037 days old -- DirectX
04/04/2007 08.57.26 A--- 0029 days old -- FNTCACHE.DAT
17/04/2007 19.22.29 (DIR) -HSR 0016 days old -- dllcache
02/05/2007 00.33.51 (DIR) ---- 0001 days old -- Kaspersky Lab
02/05/2007 23.22.12 A--- 0001 days old -- perfh009.dat
02/05/2007 23.22.12 A--- 0001 days old -- perfh010.dat
02/05/2007 23.22.12 A--- 0001 days old -- PerfStringBackup.INI
02/05/2007 23.22.12 A--- 0001 days old -- perfc009.dat
02/05/2007 23.22.12 A--- 0001 days old -- perfc010.dat
03/05/2007 14.33.18 A--- 0000 days old -- tablet.dat
03/05/2007 14.33.33 A--- 0000 days old -- nvapps.xml
03/05/2007 14.33.39 (DIR) ---- 0000 days old -- drivers
03/05/2007 14.33.45 A--- 0000 days old -- wpa.dbl
03/05/2007 14.36.40 (DIR) ---- 0000 days old -- CatRoot2

------------- Showing files newer than 60 days in C:\WINDOWS\system32\drivers\

08/03/2007 01.51.00 ---- 0056 days old -- PxHelp20.sys
19/03/2007 18.11.26 A--- 0045 days old -- sptd.sys
20/03/2007 09.55.45 A--- 0044 days old -- avipbb.sys
03/05/2007 00.49.33 (DIR) ---- 0000 days old -- etc

------------- Showing files newer than 60 days in C:\WINDOWS\temp\

03/05/2007 14.33.47 A--- 0000 days old -- WGANotify.settings
03/05/2007 14.46.09 A--- 0000 days old -- WGAErrLog.txt

------------- Showing files newer than 60 days in C:\Programmi\

10/03/2007 17.40.32 (DIR) ---- 0054 days old -- Floating Point Solutions
18/03/2007 02.02.37 (DIR) ---- 0046 days old -- GTASA-Ultimate Editor
19/03/2007 18.13.56 (DIR) ---- 0045 days old -- DAEMON Tools
20/03/2007 00.46.35 (DIR) ---- 0044 days old -- ObjectDock
20/03/2007 00.46.35 (DIR) ---- 0044 days old -- RK Launcher
20/03/2007 00.46.37 (DIR) ---- 0044 days old -- Tiger System Preferences v2
20/03/2007 00.46.37 (DIR) ---- 0044 days old -- UberIcon
20/03/2007 00.46.38 (DIR) ---- 0044 days old -- YzShadow
20/03/2007 00.46.38 (DIR) ---- 0044 days old -- WinRoll
20/03/2007 00.47.54 (DIR) ---- 0044 days old -- Windows Media Player
20/03/2007 00.47.54 (DIR) ---- 0044 days old -- Messenger
20/03/2007 00.47.55 (DIR) ---- 0044 days old -- WinRAR
20/03/2007 00.47.55 (DIR) ---- 0044 days old -- Outlook Express
20/03/2007 02.48.44 (DIR) ---- 0044 days old -- iColorFolder
24/03/2007 20.19.59 (DIR) ---- 0040 days old -- EPSON
27/03/2007 11.36.30 (DIR) ---- 0037 days old -- LFS_S2_ALPHA_U
27/03/2007 15.42.29 (DIR) ---- 0037 days old -- Internet Explorer
27/03/2007 22.43.15 (DIR) ---- 0037 days old -- GameSpy Arcade
29/03/2007 17.16.02 (DIR) ---- 0035 days old -- Rhinoceros 4.0
02/04/2007 18.19.28 (DIR) ---- 0031 days old -- NCH Swift Sound
03/04/2007 14.07.24 (DIR) ---- 0030 days old -- File comuni
03/04/2007 15.27.06 (DIR) ---- 0030 days old -- Adobe
05/04/2007 00.02.25 (DIR) ---- 0028 days old -- CamStudio
05/04/2007 15.37.32 (DIR) ---- 0028 days old -- Cyberlink
08/04/2007 17.36.38 (DIR) ---- 0025 days old -- Directory Lister
11/04/2007 19.12.53 (DIR) ---- 0022 days old -- Movie Maker
17/04/2007 02.04.28 (DIR) -H-- 0016 days old -- InstallShield Installation Information
17/04/2007 04.00.39 (DIR) ---- 0016 days old -- Razor
20/04/2007 22.47.11 (DIR) ---- 0013 days old -- ICQLite
24/04/2007 14.43.18 (DIR) ---- 0009 days old -- Spybot - Search & Destroy
24/04/2007 14.59.18 (DIR) ---- 0009 days old -- Grisoft
25/04/2007 22.08.56 (DIR) ---- 0008 days old -- Winamp
26/04/2007 15.22.12 (DIR) ---- 0007 days old -- AntiVir PersonalEdition Classic

------------- Showing files newer than 60 days in C:\Programmi\File comuni\

20/03/2007 00.47.55 (DIR) ---- 0044 days old -- System
24/03/2007 20.20.30 (DIR) ---- 0040 days old -- EPSON
29/03/2007 17.16.22 (DIR) ---- 0035 days old -- McNeel Shared
03/04/2007 14.07.24 (DIR) ---- 0030 days old -- Adobe Systems Shared
03/04/2007 15.27.53 (DIR) ---- 0030 days old -- Adobe

-------------Duplicates in BAK folders-------------

No BAK folders found

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"SonyPowerCfg"="C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmi\Google\Gmail Notifier\gnotify.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"qfeydlgc"="C:\yogipigt.bat"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
@SACL=

-------------HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-------------

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
#### HKCR\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\InprocServer32 @="C:\WINDOWS\system32\upnpui.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="d:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Unlock"="WinlogonUnlockEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\VESWinlogon]
"Startup"="EventStartup"
"DllName"=expand:"VESWinlogon.dll"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"Administrator"=dword:00000001

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-------------

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-------------HKLM\System\CurrentControlSet\Control\Session Manager\-------------

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-------------HKLM\SYSTEM\CurrentControlSet\Control\WOW-------------

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Command Processor\Autorun-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-------------

-------------HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-------------

-------------HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\Browseui.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"NoExplorer"=dword:00000001
@=""

[Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
#### HKCR\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\InprocServer32 @="C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll"

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""

[Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
#### HKCR\CLSID\{bf00e119-21a3-4fd1-b178-3b8537e75c92}\InprocServer32 @="C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll"
@="Mega Manager IE Click Monitor"

[Browser Helper Objects\{CF7C3CF0-4B15-11D1-ABED-709549C10000}]
#### HKCR\CLSID\{CF7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32 @="C:\Programmi\Advanced System Optimizer\IEHelper.dll"

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\Shdocvw.dll"

-------------HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-------------

[startupfolder]

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
"backup"="C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
"backup"="C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\FILECO~1\Adobe\CALIBR~1\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^AWC.lnk]
"backup"="C:\WINDOWS\pss\AWC.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\AWC\AWC.exe "
"item"="AWC"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^iFormat.lnk]
"location"="Common Startup"
"item"="iFormat"

[startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^TabUserW.exe.lnk]
"backup"="C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\system32\WTablet\TabUserW.exe "
"item"="TabUserW.exe"

-------------HKCU\Control Panel\Desktop\-------------

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\scrnsave.scr"

[Desktop\WindowMetrics]

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

[command]
@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

[command]
@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-------------

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-------------HKLM\SYSTEM\CurrentControlSet\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:0000015c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="32f96088"
"Pattern"=hex:54,b4,c4,2d,ae,40,69,48,b4,86,18,5f,f9,dd,6b,c3,33,32,66,39,36,\
30,38,38,00,00,00,00,57,dc,00,00,18,ca,06,00,99,d0,b8,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,75,5d,ee,fb,ce,4e,f9,81,07,58,fd,32

[Lsa\GBG]
@Class="754e76ce"
"GrafBlumGroup"=hex:5e,65,55,ac,ec,16,33,ea,46

[Lsa\JD]
@Class="07fdfb81"
"Lookup"=hex:c0,4c,1d,20,a4,a2

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="ee5d58b2"
"SkewMatrix"=hex:de,d1,31,40,66,3f,80,92,9a,88,2e,04,c2,63,00,8d

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:7a,06,7c,77,38,ae,c6,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,20,93,0d,e4,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,20,93,0d,e4,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,20,93,0d,e4,85,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-------------

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:0000010e

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3587:TCP"="3587:TCP:*:Enabled:Gruppi peer-to-peer Windows"
"3540:UDP"="3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Yahoo!\Messenger\YPager.exe"="C:\Programmi\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Programmi\Yahoo!\Messenger\YServer.exe"="C:\Programmi\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3587:TCP"="3587:TCP:*:Enabled:Gruppi peer-to-peer Windows"
"3540:UDP"="3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000001

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-------------

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-------------HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-------------

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-------------

[SystemRestore]
"DisableSR"=dword:00000001
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{C2ED04C9-B483-4D4F-83BF-03B22D5ED687}"

[SystemRestore\SnapshotCallbacks]
@=""

-------------HKEY_CURRENT_USER\Software\VB and VBA Program Settings-------------

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

[VB and VBA Program Settings\Projekt1]

[VB and VBA Program Settings\Projekt1\Settings]

[VB and VBA Program Settings\sahandling]

[VB and VBA Program Settings\sahandling\settings]

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000000
"Locale"="*"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
"Version"="0,0,5700,0"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"DontAsk"=dword:00000002
"Version"="10,0,0,3646"
"IsInstalled"=dword:00000000
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"Version"="6,0,2900,2180"
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Locale"="*"
"IsInstalled"=dword:00000001

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000000
"Locale"="*"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="C:\Programmi\Java\jre1.5.0_09\bin\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"

[Installed Components\{1C75C4BC-4EC1-4A6E-EDB3-CD02616F3796}]
@="Adobe Shockwave Director 10.1.4"
"ComponentID"="Director"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="10,1,4,20"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="IT"
"StubPath"=""
"Version"="10,0,0,3646"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="IT"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="10,0,0,3646"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"IsInstalled"=hex:01,00,00,00
"Version"="10,1,4,20"
"Locale"="EN"
@="Adobe Shockwave Director 10.1.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="IT"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"IsInstalled"=hex:01,00,00,00
"Version"="10,1,4,20"
"Locale"="EN"
@="Adobe Shockwave Director 10.1.4"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="IT"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
"Version"="1,1,1,7"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="6,0,2900,2180"
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,2180"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="IT"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="IT"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="IT"
"Version"="10,0,0,3646"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="IT"
"Version"="5,6,0,8820"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="IT"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,0,0,1"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="6,0,2900,2180"
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="IT"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="10,0,0,3646"

[Installed Components\{6E5D5321-8556-D9AF-503B-DFFB7985693E}]
@="DirectX"
"ComponentID"=""
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2180"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="10,0,0,1"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,2180"
@="Rubrica 6"
"IsInstalled"=dword:00000001
"Locale"="IT"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{7EF8C76C-E4DC-7474-7C92-3A8100911268}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="2,0,0,0"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2180"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="IT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="6,0,2900,2180"
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="IT"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
"http://www.microsoft.com"=""

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"IsInstalled"=dword:00000001
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"Version"="1,1,0,5000"
"DontAsk"=dword:00000002

[Installed Components\{929B142A-4CE8-CBE3-B1F5-53BCB352D9E3}]
@=".NET Framework"
"ComponentID"=".NETFramework"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="2,0,50727,1"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,5000,3130,0"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
"Version"="6,0,2800,2180"

[Installed Components\{C0D64617-8999-EE27-8D19-FDA6F2F552C6}]
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="10,0,0,3646"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,00,0000,6"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,0"
"ComponentID"=".NETFramework"
@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.0"
"IsInstalled"=hex:01,00,00,00
"Version"="2,0,3312,1"

[Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="9.0.28.0"
"Locale"="EN"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,74,9006,0"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"

[Installed Components\{F28B1C2D-643E-0DB7-2DD3-6649F24F2834}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2462,0001"

-------------Comparing registry keys CCS1 vs CCS2 -------------
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BTHPORT\Parameters\Keys
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\a0j3hwrn

Result compared: Identical


-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


------------- Hosts File -------------


------------- Scheduled tasks -------------

19/08/2004 14.00.00 -H-R 0987 days old -- desktop.ini
03/05/2007 14.43.38 A--- 0000 days old -- SCHEDLGU.TXT
03/05/2007 14.43.38 AH-- 0000 days old -- SA.DAT

-------------List of running services -------------


000) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

001) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> SIZE = 14,336 bytes

002) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes

003) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

004) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes

005) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> SIZE = 14,336 bytes

006) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes



..:: BOOT REGISTRY ::..

0) "SonyPowerCfg"
---> TYPE = String
---> CMD = C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
---> FILE = C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
---> SIZE = 184,320 bytes

1) "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
---> TYPE = String
---> CMD = C:\Programmi\Google\Gmail Notifier\gnotify.exe
---> FILE = C:\Programmi\Google\Gmail Notifier\gnotify.exe
---> SIZE = 479,232 bytes

2) "NvCplDaemon"
---> TYPE = String
---> CMD = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
---> FILE = (NOT EXISTS)
---> SIZE = (NOT EXISTS)

3) "qfeydlgc"
---> TYPE = String
---> CMD = C:\yogipigt.bat
---> FILE = (NOT EXISTS)
---> SIZE = (NOT EXISTS)



-------------List of NOT running services -------------


000) "Adobe LM Service" - Adobe LM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
---> SIZE = 69,632 bytes

001) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes

002) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> SIZE = 44,544 bytes

003) "AntiVirScheduler" - AntiVir PersonalEdition Classic Scheduler
---> STAT = (NOT RUNNING) Started automatically
---> FILE = "C:\Programmi\AntiVir PersonalEdition Classic\sched.exe"
---> SIZE = 57,896 bytes

004) "AntiVirService" - AntiVir PersonalEdition Classic Guard
---> STAT = (NOT RUNNING) Started automatically
---> FILE = "C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe"
---> SIZE = 204,840 bytes

005) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

006) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> SIZE = 29,896 bytes

007) "AudioSrv" - Audio Windows
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

008) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

009) "Browser" - Browser di computer
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

010) "BthServ" - Bluetoo
Dink the Boss
Eroe in grazia degli dei

Registered: 03/07/06 09:33
Posts: 136

Posted: 03 May 2007 14:16    Subject:

This is the GMER report

I know they're very long... I apologize in advance for the work :(

http://www.sendmefile.com/00528587