trojan virtumonde
solojuve
Mortale pio

Registered: 09/02/08 23:22
Posts: 23

Posted: 18 Feb 2008 21:17    Subject: trojan virtumonde

How can I remove this trojan......

I run a scan with Spyware Doctor and it finds 4 files infected by this trojan; I delete them, but then an hour later I run another one and it detects other infected files and registry keys.....

What do I do?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.24.13, on 18/02/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.totosi.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F2A2C5-6DCF-43FF-B206-43E68E769BD5}: NameServer = 213.230.130.222 213.230.155.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7136 bytes

solojuve
Mortale pio

Registered: 09/02/08 23:22
Posts: 23

Posted: 18 Feb 2008 22:38

Can nobody help me?

baciami
Semidio

Registered: 02/09/07 15:40
Posts: 287
Location: Toscana

Posted: 18 Feb 2008 22:57

The log is clean.. meanwhile read this http://forum.zeusnews.com/viewtopic.php?p=210548
then run a scan with SystemScan (read at the bottom of the forum), upload the log here http://www.freefilehosting.net and post it

baciami
Semidio

Registered: 02/09/07 15:40
Posts: 287
Location: Toscana

Posted: 18 Feb 2008 23:00

Ah.. I almost forgot... go Juve

solojuve
Mortale pio

Registered: 09/02/08 23:22
Posts: 23

Posted: 19 Feb 2008 00:42

OK, let's see.....

solojuve
Mortale pio

Registered: 09/02/08 23:22
Posts: 23

Posted: 19 Feb 2008 18:11

[URL="http://www.freefilehosting.net/files/3c99j"]report66.txt[/URL]


SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Downloads\sys74789.exe
Running in: User mode
Date: 19/02/08
Time: 1.19.28

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
Yes | amelio
| ASPNET
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)

### users folders

14/02/2008 10.50.28 (DIR) 0 byte 5 days old -- NetworkService
14/02/2008 10.50.28 (DIR) 0 byte 5 days old -- LocalService
18/02/2008 20.33.15 (DIR) 0 byte 1 days old -- amelio
11/02/2008 20.49.42 (DIR) 0 byte 8 days old -- All Users
11/02/2008 21.09.19 (DIR) 0 byte 8 days old -- Default User

### startup files in users folders

C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk
C:\documents and settings\amelio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== Recent files (60 days old) =====================

----- recent files in C:\
14/02/2008 10.55.51 (DIR) 0 byte 5 days old -- Avenger
16/02/2008 14.11.21 244 byte 3 days old -- sqmnoopt00.sqm
16/02/2008 14.11.21 268 byte 3 days old -- sqmdata00.sqm
16/02/2008 16.23.31 268 byte 3 days old -- sqmdata01.sqm
16/02/2008 16.23.31 244 byte 3 days old -- sqmnoopt01.sqm
16/02/2008 16.25.05 244 byte 3 days old -- sqmnoopt02.sqm
16/02/2008 16.25.05 268 byte 3 days old -- sqmdata02.sqm
16/02/2008 19.20.38 (DIR) 0 byte 3 days old -- Config.Msi
17/02/2008 16.45.02 (DIR) 0 byte 2 days old -- Programmi
18/02/2008 13.37.40 (DIR) 0 byte 1 days old -- WINDOWS
18/02/2008 21.59.54 (DIR) 0 byte 1 days old -- VundoFix Backups
18/02/2008 22.19.45 (DIR) 0 byte 1 days old -- Downloads
19/02/2008 10.21.54 (DIR) 0 byte 0 days old -- $VAULT$.AVG
19/02/2008 12.51.14 1461 byte 0 days old -- VundoFix.txt
19/02/2008 13.15.38 792723456 byte 0 days old -- pagefile.sys
19/02/2008 13.15.40 527880192 byte 0 days old -- hiberfil.sys
19/02/2008 13.19.28 (DIR) 0 byte 0 days old -- suspectfile
11/02/2008 20.44.08 211 byte 8 days old -- boot.ini
11/02/2008 20.51.03 0 byte 8 days old -- AUTOEXEC.BAT
11/02/2008 20.51.03 0 byte 8 days old -- CONFIG.SYS
11/02/2008 20.51.03 0 byte 8 days old -- IO.SYS
11/02/2008 20.51.03 0 byte 8 days old -- MSDOS.SYS
11/02/2008 20.55.04 (DIR) 0 byte 8 days old -- System Volume Information
11/02/2008 20.57.15 (DIR) 0 byte 8 days old -- Documents and Settings
11/02/2008 21.03.13 32 byte 8 days old -- ticrdbus.log
11/02/2008 21.03.45 201 byte 8 days old -- syntp.log
11/02/2008 21.05.19 167 byte 8 days old -- bcmwl5.log
11/02/2008 21.07.41 169 byte 8 days old -- HSC.log
11/02/2008 21.09.17 (DIR) 0 byte 8 days old -- SYSTEM.SAV
11/02/2008 21.12.37 (DIR) 0 byte 8 days old -- SWSetup
11/02/2008 21.12.58 205 byte 8 days old -- sedinst2.log
11/02/2008 21.12.58 161 byte 8 days old -- esuinst.log
11/02/2008 21.15.24 23610 byte 8 days old -- sunjava.log
11/02/2008 21.18.49 163 byte 8 days old -- setup.log
11/02/2008 21.19.45 90 byte 8 days old -- chpst.log
11/02/2008 21.21.41 3222818 byte 8 days old -- DNSP1.LOG
11/02/2008 21.23.05 (DIR) 0 byte 8 days old -- Intel
11/02/2008 21.23.27 (DIR) 0 byte 8 days old -- RECYCLER
11/02/2008 21.57.33 74 byte 8 days old -- CMLoader.log
12/02/2008 10.26.31 (DIR) 0 byte 7 days old -- MSOCache

----- recent files in C:\WINDOWS\
13/02/2008 20.18.14 (DIR) 0 byte 6 days old -- $NtUninstallKB904942$
13/02/2008 20.18.32 11141 byte 6 days old -- KB904942.log
13/02/2008 20.18.42 (DIR) 0 byte 6 days old -- $NtUninstallKB914440$
13/02/2008 20.18.43 (DIR) 0 byte 6 days old -- network diagnostic
13/02/2008 20.18.48 5235 byte 6 days old -- KB914440.log
13/02/2008 20.20.59 (DIR) 0 byte 6 days old -- $NtUninstallKB915865$
13/02/2008 20.21.11 6637 byte 6 days old -- KB915865.log
13/02/2008 20.21.49 (DIR) 0 byte 6 days old -- $NtServicePackUninstallNLSDownlevelMapping$
13/02/2008 20.21.56 5476 byte 6 days old -- NLSDownlevelMapping.log
13/02/2008 20.22.27 (DIR) 0 byte 6 days old -- $NtServicePackUninstallIDNMitigationAPIs$
13/02/2008 20.22.35 5757 byte 6 days old -- IDNMitigationAPIs.log
13/02/2008 20.24.57 (DIR) 0 byte 6 days old -- ie7
13/02/2008 20.25.23 (DIR) 0 byte 6 days old -- Media
13/02/2008 20.25.45 (DIR) 0 byte 6 days old -- WBEM
13/02/2008 20.27.02 58355 byte 6 days old -- ie7.log
13/02/2008 20.30.43 72118 byte 6 days old -- KB942615-IE7.log
13/02/2008 20.32.16 73046 byte 6 days old -- updspapi.log
13/02/2008 20.33.00 52580 byte 6 days old -- KB944533-IE7.log
13/02/2008 20.33.17 158305 byte 6 days old -- ie7_main.log
13/02/2008 20.42.06 (DIR) 0 byte 6 days old -- Help
13/02/2008 20.42.34 7877 byte 6 days old -- spupdsvc.log
13/02/2008 23.33.22 191770 byte 6 days old -- ntbtlog.txt
14/02/2008 10.50.23 (DIR) 0 byte 5 days old -- system
14/02/2008 11.02.30 (DIR) 0 byte 5 days old -- Fonts
14/02/2008 12.19.28 156813 byte 5 days old -- setupact.log
14/02/2008 16.07.17 (DIR) 0 byte 5 days old -- $hf_mig$
14/02/2008 16.10.52 10144 byte 5 days old -- ModemLog_Agere Systems AC'97 Modem.txt
14/02/2008 17.18.26 (DIR) 0 byte 5 days old -- ie7updates
14/02/2008 17.19.01 11376 byte 5 days old -- KB938127-IE7.log
14/02/2008 17.19.01 1374 byte 5 days old -- imsins.BAK
14/02/2008 23.51.05 (DIR) 0 byte 5 days old -- Sun
15/02/2008 14.04.58 10585 byte 4 days old -- hpdj3740.ini
15/02/2008 14.04.58 207795 byte 4 days old -- hpdj3740.his
15/02/2008 14.12.33 43284 byte 4 days old -- wmsetup.log
15/02/2008 14.15.47 255 byte 4 days old -- lgfwup.ini
15/02/2008 22.48.52 6240 byte 4 days old -- DPINST.LOG
15/02/2008 22.56.39 (DIR) 0 byte 4 days old -- $NtUninstallWIC$
15/02/2008 22.57.33 679888 byte 4 days old -- FaxSetup.log
15/02/2008 22.57.33 34413 byte 4 days old -- msgsocm.log
15/02/2008 22.57.33 332426 byte 4 days old -- ocgen.log
15/02/2008 22.57.34 1374 byte 4 days old -- imsins.log
15/02/2008 22.57.34 108119 byte 4 days old -- iis6.log
15/02/2008 22.57.34 237194 byte 4 days old -- comsetup.log
15/02/2008 22.57.34 142472 byte 4 days old -- ntdtcsetup.log
15/02/2008 22.57.34 42656 byte 4 days old -- ocmsn.log
15/02/2008 22.57.34 264663 byte 4 days old -- tsoc.log
15/02/2008 22.57.34 5254 byte 4 days old -- WIC.log
15/02/2008 23.00.20 (DIR) 0 byte 4 days old -- inf
15/02/2008 23.00.40 30049 byte 4 days old -- DirectX.log
15/02/2008 23.10.16 (DIR) 0 byte 4 days old -- Tasks
16/02/2008 15.03.17 424 byte 3 days old -- zipgenius.xml
16/02/2008 19.20.38 (DIR) 0 byte 3 days old -- Installer
17/02/2008 15.59.07 (DIR) 0 byte 2 days old -- Downloaded Program Files
17/02/2008 16.19.46 656939 byte 2 days old -- setupapi.log
17/02/2008 16.20.39 113888 byte 2 days old -- pxinstall_log.txt
18/02/2008 13.52.07 50 byte 1 days old -- wiaservc.log
18/02/2008 13.52.07 411 byte 1 days old -- wiadebug.log
18/02/2008 20.33.03 (DIR) 0 byte 1 days old -- Debug
18/02/2008 20.33.03 (DIR) 0 byte 1 days old -- Minidump
18/02/2008 23.43.25 11290 byte 1 days old -- ModemLog_SAMSUNG CDMA Modem.txt
19/02/2008 10.28.14 32544 byte 0 days old -- SchedLgU.Txt
19/02/2008 10.29.06 (DIR) 0 byte 0 days old -- system32
19/02/2008 12.53.28 (DIR) 0 byte 0 days old -- Prefetch
19/02/2008 13.15.42 2048 byte 0 days old -- bootstat.dat
19/02/2008 13.15.49 1765472 byte 0 days old -- WindowsUpdate.log
19/02/2008 13.15.59 0 byte 0 days old -- 0.log
19/02/2008 13.16.10 (DIR) 0 byte 0 days old -- Temp
11/02/2008 20.44.50 200 byte 8 days old -- cmsetacl.log
11/02/2008 20.46.06 (DIR) 0 byte 8 days old -- Cursors
11/02/2008 20.46.50 1022 byte 8 days old -- sessmgr.setup.log
11/02/2008 20.46.58 133 byte 8 days old -- DtcInstall.log
11/02/2008 20.47.09 37 byte 8 days old -- vbaddin.ini
11/02/2008 20.47.09 36 byte 8 days old -- vb.ini
11/02/2008 20.48.53 (DIR) 0 byte 8 days old -- srchasst
11/02/2008 20.49.19 749 byte 8 days old -- WindowsShell.Manifest
11/02/2008 20.49.27 (DIR) 0 byte 8 days old -- Offline Web Pages
11/02/2008 20.49.32 (DIR) 0 byte 8 days old -- Web
11/02/2008 20.50.39 4161 byte 8 days old -- ODBCINST.INI
11/02/2008 20.51.03 0 byte 8 days old -- control.ini
11/02/2008 20.51.18 (DIR) 0 byte 8 days old -- repair
11/02/2008 20.54.37 8192 byte 8 days old -- REGLOCS.OLD
11/02/2008 20.57.08 747447 byte 8 days old -- setuplog.txt
11/02/2008 20.57.31 829 byte 8 days old -- OEWABLog.txt
11/02/2008 21.02.26 (DIR) 0 byte 8 days old -- Options
11/02/2008 21.02.40 (DIR) 0 byte 8 days old -- Driver Cache
11/02/2008 21.03.03 (DIR) 0 byte 8 days old -- tiinst
11/02/2008 21.03.43 530 byte 8 days old -- SynInst.log
11/02/2008 21.10.05 (DIR) 0 byte 8 days old -- Microsoft.NET
11/02/2008 21.11.49 (DIR) 0 byte 8 days old -- $NtUninstallKB883667$
11/02/2008 21.12.02 3988 byte 8 days old -- KB883667.log
11/02/2008 21.12.06 (DIR) 0 byte 8 days old -- $NtUninstallKB884575$
11/02/2008 21.12.10 4590 byte 8 days old -- KB884575.log
11/02/2008 21.12.13 (DIR) 0 byte 8 days old -- $NtUninstallKB885855$
11/02/2008 21.12.18 4024 byte 8 days old -- KB885855.log
11/02/2008 21.12.21 (DIR) 0 byte 8 days old -- $NtUninstallKB888239$
11/02/2008 21.12.26 3822 byte 8 days old -- KB888239.log
11/02/2008 21.12.31 (DIR) 0 byte 8 days old -- $NtUninstallKB892559$
11/02/2008 21.12.36 4376 byte 8 days old -- KB892559.log
11/02/2008 21.12.41 (DIR) 0 byte 8 days old -- $NtUninstallKB885464$
11/02/2008 21.12.46 4454 byte 8 days old -- KB885464.log
11/02/2008 21.16.39 316640 byte 8 days old -- WMSysPr9.prx
11/02/2008 21.17.50 462 byte 8 days old -- wmsetup10.log
11/02/2008 21.17.54 (DIR) 0 byte 8 days old -- RegisteredPackages
11/02/2008 21.19.45 606 byte 8 days old -- chipset.log
11/02/2008 21.21.03 (DIR) 0 byte 8 days old -- assembly
11/02/2008 21.21.36 (DIR) 0 byte 8 days old -- Registration
11/02/2008 21.22.09 1404 byte 8 days old -- COM+.log
11/02/2008 21.22.09 (DIR) 0 byte 8 days old -- security
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- Provisioning
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- Connection Wizard
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- Config
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- msapps
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- Resources
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- mui
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- java
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- addins
11/02/2008 21.31.58 (DIR) 0 byte 8 days old -- twain_32
11/02/2008 21.35.42 (DIR) 0 byte 8 days old -- PeerNet
11/02/2008 21.35.55 (DIR) 0 byte 8 days old -- AppPatch
11/02/2008 21.37.16 0 byte 8 days old -- setuperr.log
11/02/2008 21.38.19 231 byte 8 days old -- system.ini
11/02/2008 21.40.06 (DIR) 0 byte 8 days old -- ime
11/02/2008 21.40.10 1252 byte 8 days old -- regopt.log
11/02/2008 21.43.26 0 byte 8 days old -- Sti_Trace.log
11/02/2008 22.20.46 0 byte 8 days old -- nsreg.dat
11/02/2008 22.23.17 1142 byte 8 days old -- mozver.dat
11/02/2008 22.50.59 (DIR) 0 byte 8 days old -- SoftwareDistribution
11/02/2008 23.05.08 (DIR) 0 byte 8 days old -- $MSI31Uninstall_KB893803v2$
11/02/2008 23.05.22 9775 byte 8 days old -- KB893803v2.log
11/02/2008 23.05.24 (DIR) 0 byte 8 days old -- $NtUninstallKB898461$
11/02/2008 23.05.27 9921 byte 8 days old -- KB898461.log
11/02/2008 23.05.40 8316 byte 8 days old -- KB892130.log
12/02/2008 10.31.17 552 byte 7 days old -- win.ini
12/02/2008 10.35.52 (DIR) 0 byte 7 days old -- pchealth
12/02/2008 10.37.03 (DIR) 0 byte 7 days old -- SHELLNEW
12/02/2008 12.05.51 (DIR) 0 byte 7 days old -- Downloaded Installations
12/02/2008 18.04.39 5874 byte 7 days old -- KB942615.log
12/02/2008 18.29.55 (DIR) 0 byte 7 days old -- $NtUninstallKB873339$
12/02/2008 18.30.10 15435 byte 7 days old -- KB873339.log
12/02/2008 18.30.16 (DIR) 0 byte 7 days old -- $NtUninstallKB886185$
12/02/2008 18.30.26 11700 byte 7 days old -- KB886185.log
12/02/2008 18.30.30 (DIR) 0 byte 7 days old -- $NtUninstallKB885836$
12/02/2008 18.30.37 16239 byte 7 days old -- KB885836.log
12/02/2008 18.30.42 (DIR) 0 byte 7 days old -- $NtUninstallKB888302$
12/02/2008 18.30.51 16676 byte 7 days old -- KB888302.log
12/02/2008 18.30.56 (DIR) 0 byte 7 days old -- $NtUninstallKB887472$
12/02/2008 18.31.05 16596 byte 7 days old -- KB887472.log
12/02/2008 18.31.09 (DIR) 0 byte 7 days old -- $NtUninstallKB891781$
12/02/2008 18.31.17 16684 byte 7 days old -- KB891781.log
12/02/2008 18.31.22 (DIR) 0 byte 7 days old -- $NtUninstallKB885835$
12/02/2008 18.31.33 17979 byte 7 days old -- KB885835.log
12/02/2008 18.31.38 (DIR) 0 byte 7 days old -- $NtUninstallKB896428$
12/02/2008 18.31.49 17685 byte 7 days old -- KB896428.log
12/02/2008 18.31.55 (DIR) 0 byte 7 days old -- $NtUninstallKB901214$
12/02/2008 18.32.04 17873 byte 7 days old -- KB901214.log
12/02/2008 18.32.12 (DIR) 0 byte 7 days old -- $NtUninstallKB890859$
12/02/2008 18.32.34 20754 byte 7 days old -- KB890859.log
12/02/2008 18.32.40 (DIR) 0 byte 7 days old -- $NtUninstallKB896358$
12/02/2008 18.32.54 20196 byte 7 days old -- KB896358.log
12/02/2008 18.33.00 (DIR) 0 byte 7 days old -- $NtUninstallKB893756$
12/02/2008 18.33.10 20859 byte 7 days old -- KB893756.log
12/02/2008 18.33.15 (DIR) 0 byte 7 days old -- $NtUninstallKB899591$
12/02/2008 18.33.23 21089 byte 7 days old -- KB899591.log
12/02/2008 18.33.28 (DIR) 0 byte 7 days old -- $NtUninstallKB899587$
12/02/2008 18.33.38 21604 byte 7 days old -- KB899587.log
12/02/2008 18.33.44 (DIR) 0 byte 7 days old -- $NtUninstallKB896423$
12/02/2008 18.33.50 24458 byte 7 days old -- KB896423.log
12/02/2008 18.33.57 (DIR) 0 byte 7 days old -- $NtUninstallKB894391$
12/02/2008 18.34.15 22318 byte 7 days old -- KB894391.log
12/02/2008 18.34.27 (DIR) 0 byte 7 days old -- $NtUninstallKB902400$
12/02/2008 18.35.08 32794 byte 7 days old -- KB902400.log
12/02/2008 18.35.14 (DIR) 0 byte 7 days old -- $NtUninstallKB901017$
12/02/2008 18.35.24 27465 byte 7 days old -- KB901017.log
12/02/2008 18.35.30 (DIR) 0 byte 7 days old -- $NtUninstallKB905414$
12/02/2008 18.35.39 28203 byte 7 days old -- KB905414.log
12/02/2008 18.35.45 (DIR) 0 byte 7 days old -- $NtUninstallKB905749$
12/02/2008 18.35.54 28427 byte 7 days old -- KB905749.log
12/02/2008 18.36.02 (DIR) 0 byte 7 days old -- $NtUninstallKB900725$
12/02/2008 18.36.25 31437 byte 7 days old -- KB900725.log
12/02/2008 18.36.32 (DIR) 0 byte 7 days old -- $NtUninstallKB910437$
12/02/2008 18.36.44 23562 byte 7 days old -- KB910437.log
12/02/2008 18.36.51 (DIR) 0 byte 7 days old -- $NtUninstallKB908519$
12/02/2008 18.37.00 28079 byte 7 days old -- KB908519.log
12/02/2008 18.37.06 (DIR) 0 byte 7 days old -- $NtUninstallKB911927$
12/02/2008 18.37.14 31254 byte 7 days old -- KB911927.log
12/02/2008 18.37.20 (DIR) 0 byte 7 days old -- $NtUninstallKB901190$
12/02/2008 18.37.28 30440 byte 7 days old -- KB901190.log
12/02/2008 18.38.01 (DIR) 0 byte 7 days old -- $NtUninstallKB911564$
12/02/2008 18.38.16 19588 byte 7 days old -- KB911564.log
12/02/2008 18.38.23 (DIR) 0 byte 7 days old -- $NtUninstallKB911562$
12/02/2008 18.38.32 31992 byte 7 days old -- KB911562.log
12/02/2008 18.38.42 (DIR) 0 byte 7 days old -- $NtUninstallKB900485$
12/02/2008 18.38.48 32968 byte 7 days old -- KB900485.log
12/02/2008 18.38.59 (DIR) 0 byte 7 days old -- $NtUninstallKB908531$
12/02/2008 18.39.13 31865 byte 7 days old -- KB908531.log
12/02/2008 18.39.20 (DIR) 0 byte 7 days old -- $NtUninstallKB914389$
12/02/2008 18.39.30 29255 byte 7 days old -- KB914389.log
12/02/2008 18.39.37 (DIR) 0 byte 7 days old -- $NtUninstallKB917344$
12/02/2008 18.39.45 33271 byte 7 days old -- KB917344.log
12/02/2008 18.39.51 (DIR) 0 byte 7 days old -- $NtUninstallKB918439$
12/02/2008 18.40.01 32692 byte 7 days old -- KB918439.log
12/02/2008 18.40.15 (DIR) 0 byte 7 days old -- $NtUninstallKB913580$
12/02/2008 18.40.32 31590 byte 7 days old -- KB913580.log
12/02/2008 18.40.39 (DIR) 0 byte 7 days old -- $NtUninstallKB911280$
12/02/2008 18.40.48 33321 byte 7 days old -- KB911280.log
12/02/2008 18.40.54 (DIR) 0 byte 7 days old -- $NtUninstallKB914388$
12/02/2008 18.41.04 35108 byte 7 days old -- KB914388.log
12/02/2008 18.41.11 (DIR) 0 byte 7 days old -- $NtUninstallKB920670$
12/02/2008 18.41.17 34401 byte 7 days old -- KB920670.log
12/02/2008 18.41.29 (DIR) 0 byte 7 days old -- $NtUninstallKB920683$
12/02/2008 18.41.38 31654 byte 7 days old -- KB920683.log
12/02/2008 18.41.51 (DIR) 0 byte 7 days old -- $NtUninstallKB922582$
12/02/2008 18.42.01 28552 byte 7 days old -- KB922582.log
12/02/2008 18.42.07 (DIR) 0 byte 7 days old -- $NtUninstallKB916595$
12/02/2008 18.42.16 36188 byte 7 days old -- KB916595.log
12/02/2008 18.42.23 (DIR) 0 byte 7 days old -- $NtUninstallKB919007$
12/02/2008 18.42.31 37960 byte 7 days old -- KB919007.log
12/02/2008 18.42.38 (DIR) 0 byte 7 days old -- $NtUninstallKB920685$
12/02/2008 18.42.48 37865 byte 7 days old -- KB920685.log
12/02/2008 18.42.59 (DIR) 0 byte 7 days old -- $NtUninstallKB920872$
12/02/2008 18.43.10 39655 byte 7 days old -- KB920872.log
12/02/2008 18.43.16 (DIR) 0 byte 7 days old -- $NtUninstallKB923414$
12/02/2008 18.43.25 37951 byte 7 days old -- KB923414.log
12/02/2008 18.43.32 (DIR) 0 byte 7 days old -- $NtUninstallKB924496$
12/02/2008 18.43.40 38402 byte 7 days old -- KB924496.log
12/02/2008 18.43.51 (DIR) 0 byte 7 days old -- $NtUninstallKB923191$
12/02/2008 18.44.01 36450 byte 7 days old -- KB923191.log
12/02/2008 18.44.09 (DIR) 0 byte 7 days old -- $NtUninstallKB922819$
12/02/2008 18.44.19 40829 byte 7 days old -- KB922819.log
12/02/2008 18.44.26 (DIR) 0 byte 7 days old -- $NtUninstallKB924270$
12/02/2008 18.44.39 42029 byte 7 days old -- KB924270.log
12/02/2008 18.45.03 (DIR) 0 byte 7 days old -- $NtUninstallKB923980$
12/02/2008 18.45.12 41629 byte 7 days old -- KB923980.log
12/02/2008 18.45.18 (DIR) 0 byte 7 days old -- $NtUninstallKB926255$
12/02/2008 18.45.27 40184 byte 7 days old -- KB926255.log
12/02/2008 18.45.34 (DIR) 0 byte 7 days old -- $NtUninstallKB943485$
12/02/2008 18.45.44 39586 byte 7 days old -- KB943485.log
12/02/2008 18.58.50 16678 byte 7 days old -- KB921503.log
12/02/2008 20.45.04 (DIR) 0 byte 7 days old -- $NtUninstallKB928255$
12/02/2008 20.45.42 23247 byte 7 days old -- KB928255.log
12/02/2008 20.45.57 (DIR) 0 byte 7 days old -- $NtUninstallKB928843$
12/02/2008 20.46.06 28787 byte 7 days old -- KB928843.log
12/02/2008 20.46.19 (DIR) 0 byte 7 days old -- $NtUninstallKB927802$
12/02/2008 20.46.31 18748 byte 7 days old -- KB927802.log
12/02/2008 20.46.37 (DIR) 0 byte 7 days old -- $NtUninstallKB924667$
12/02/2008 20.46.49 16771 byte 7 days old -- KB924667.log
12/02/2008 20.46.56 (DIR) 0 byte 7 days old -- $NtUninstallKB927779$
12/02/2008 20.47.07 21857 byte 7 days old -- KB927779.log
12/02/2008 20.47.15 (DIR) 0 byte 7 days old -- $NtUninstallKB918118$
12/02/2008 20.47.24 24547 byte 7 days old -- KB918118.log
12/02/2008 20.47.30 (DIR) 0 byte 7 days old -- $NtUninstallKB926436$
12/02/2008 20.47.44 33956 byte 7 days old -- KB926436.log
12/02/2008 20.48.01 (DIR) 0 byte 7 days old -- $NtUninstallKB925902$
12/02/2008 20.48.17 36199 byte 7 days old -- KB925902.log
12/02/2008 20.48.26 (DIR) 0 byte 7 days old -- $NtUninstallKB931784$
12/02/2008 20.48.45 25849 byte 7 days old -- KB931784.log
12/02/2008 20.49.00 (DIR) 0 byte 7 days old -- $NtUninstallKB930178$
12/02/2008 20.49.19 35591 byte 7 days old -- KB930178.log
12/02/2008 20.49.51 (DIR) 0 byte 7 days old -- $NtUninstallKB931261$
12/02/2008 20.50.05 36315 byte 7 days old -- KB931261.log
12/02/2008 20.50.14 (DIR) 0 byte 7 days old -- $NtUninstallKB932168$
12/02/2008 20.50.21 28641 byte 7 days old -- KB932168.log
12/02/2008 20.50.28 (DIR) 0 byte 7 days old -- $NtUninstallKB890046$
12/02/2008 20.50.42 36550 byte 7 days old -- KB890046.log
12/02/2008 20.50.52 (DIR) 0 byte 7 days old -- $NtUninstallKB920213$
12/02/2008 20.51.06 27157 byte 7 days old -- KB920213.log
12/02/2008 20.51.14 (DIR) 0 byte 7 days old -- $NtUninstallKB930916$
12/02/2008 20.51.22 25974 byte 7 days old -- KB930916.log
12/02/2008 20.51.31 (DIR) 0 byte 7 days old -- $NtUninstallKB927891$
12/02/2008 20.51.53 19941 byte 7 days old -- KB927891.log
12/02/2008 20.53.01 (DIR) 0 byte 7 days old -- $NtUninstallKB929123$
12/02/2008 20.53.27 37886 byte 7 days old -- KB929123.log
12/02/2008 20.54.28 (DIR) 0 byte 7 days old -- $NtUninstallKB935840$
12/02/2008 20.54.41 27413 byte 7 days old -- KB935840.log
12/02/2008 20.55.49 (DIR) 0 byte 7 days old -- $NtUninstallKB935839$
12/02/2008 20.56.06 24943 byte 7 days old -- KB935839.log
12/02/2008 21.04.58 (DIR) 0 byte 7 days old -- msagent
12/02/2008 21.40.32 (DIR) 0 byte 7 days old -- $NtUninstallKB925398_WMP64$
12/02/2008 21.40.43 6193 byte 7 days old -- KB925398.log
12/02/2008 21.45.06 (DIR) 0 byte 7 days old -- $NtUninstallKB938828$
12/02/2008 21.45.21 20865 byte 7 days old -- KB938828.log
12/02/2008 21.45.27 (DIR) 0 byte 7 days old -- $NtUninstallKB938829$
12/02/2008 21.45.36 32094 byte 7 days old -- KB938829.log
12/02/2008 21.46.12 (DIR) 0 byte 7 days old -- $NtUninstallKB936782_WMP10$
12/02/2008 21.46.29 8027 byte 7 days old -- KB936782.log
12/02/2008 21.46.45 (DIR) 0 byte 7 days old -- WinSxS
12/02/2008 21.46.48 290644 byte 7 days old -- msxml4-KB936181-enu.LOG
12/02/2008 21.48.23 (DIR) 0 byte 7 days old -- $NtUninstallKB938127$
12/02/2008 21.48.36 23656 byte 7 days old -- KB938127.log
12/02/2008 21.48.43 (DIR) 0 byte 7 days old -- $NtUninstallKB936021$
12/02/2008 21.48.53 23458 byte 7 days old -- KB936021.log
12/02/2008 21.49.25 (DIR) 0 byte 7 days old -- $NtUninstallKB923689$
12/02/2008 21.49.32 10023 byte 7 days old -- KB923689.log
12/02/2008 21.49.39 (DIR) 0 byte 7 days old -- $NtUninstallKB933729$
12/02/2008 21.49.48 12112 byte 7 days old -- KB933729.log
12/02/2008 21.49.55 (DIR) 0 byte 7 days old -- $NtUninstallKB941202$
12/02/2008 21.50.05 25344 byte 7 days old -- KB941202.log
12/02/2008 21.50.12 (DIR) 0 byte 7 days old -- $NtUninstallKB943460$
12/02/2008 21.50.27 13302 byte 7 days old -- KB943460.log
12/02/2008 21.50.34 (DIR) 0 byte 7 days old -- $NtUninstallKB936357$
12/02/2008 21.50.44 35875 byte 7 days old -- KB936357.log
12/02/2008 21.52.06 (DIR) 0 byte 7 days old -- $NtUninstallKB942763$
12/02/2008 21.52.12 46904 byte 7 days old -- KB942763.log
12/02/2008 21.52.19 (DIR) 0 byte 7 days old -- $NtUninstallKB941568$
12/02/2008 21.52.25 25053 byte 7 days old -- KB941568.log
12/02/2008 21.52.31 (DIR) 0 byte 7 days old -- $NtUninstallKB944653$
12/02/2008 21.52.37 21460 byte 7 days old -- KB944653.log
12/02/2008 21.53.19 (DIR) 0 byte 7 days old -- $NtUninstallKB941569$
12/02/2008 21.53.25 12141 byte 7 days old -- KB941569.log
12/02/2008 21.53.32 (DIR) 0 byte 7 days old -- $NtUninstallKB941644$
12/02/2008 21.53.40 35385 byte 7 days old -- KB941644.log
12/02/2008 21.53.46 (DIR) 0 byte 7 days old -- $NtUninstallKB942840$
12/02/2008 21.53.55 26938 byte 7 days old -- KB942840.log
12/02/2008 21.54.13 (DIR) 0 byte 7 days old -- $NtUninstallKB944533$
12/02/2008 21.55.01 39805 byte 7 days old -- KB944533.log
12/02/2008 21.55.19 (DIR) 0 byte 7 days old -- $NtUninstallKB946026$
12/02/2008 21.55.25 35683 byte 7 days old -- KB946026.log
12/02/2008 21.57.14 (DIR) 0 byte 7 days old -- $NtUninstallKB943055$
12/02/2008 21.57.28 35967 byte 7 days old -- KB943055.log

----- recent files in C:\WINDOWS\Downloaded Program Files\
11/02/2008 20.49.27 65 byte 8 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
13/02/2008 18.41.10 2206 byte 6 days old -- wpa.dbl
13/02/2008 20.26.22 (DIR) 0 byte 6 days old -- config
13/02/2008 20.29.50 (DIR) 0 byte 6 days old -- it-it
14/02/2008 10.37.09 931982 byte 5 days old -- PerfStringBackup.INI
14/02/2008 10.37.12 53098 byte 5 days old -- perfc009.dat
14/02/2008 10.37.13 426042 byte 5 days old -- perfh010.dat
14/02/2008 10.37.13 380684 byte 5 days old -- perfh009.dat
14/02/2008 10.37.13 63600 byte 5 days old -- perfc010.dat
14/02/2008 14.01.52 1659272 byte 5 days old -- FNTCACHE.DAT
15/02/2008 14.01.54 (DIR) 0 byte 4 days old -- dllcache
15/02/2008 22.48.48 (DIR) 0 byte 4 days old -- DRVSTORE
15/02/2008 23.00.40 (DIR) 0 byte 4 days old -- DirectX
18/02/2008 16.04.19 176112 byte 1 days old -- dfhkj.ini2
18/02/2008 17.12.41 (DIR) 0 byte 1 days old -- CatRoot2
18/02/2008 20.51.29 176079 byte 1 days old -- cbeeg.ini2
18/02/2008 22.02.07 24576 byte 1 days old -- VundoFixSVC.exe
19/02/2008 10.24.22 173927 byte 0 days old -- dccdd.ini2
19/02/2008 12.08.41 (DIR) 0 byte 0 days old -- Restore
19/02/2008 13.15.56 (DIR) 0 byte 0 days old -- drivers
04/02/2008 15.09.48 18214008 byte 15 days old -- MRT.exe
11/01/2008 06.32.58 44544 byte 39 days old -- pngfilt.dll
11/02/2008 20.44.45 (DIR) 0 byte 8 days old -- spool
11/02/2008 20.46.59 (DIR) 0 byte 8 days old -- MsDtc
11/02/2008 20.47.27 21840 byte 8 days old -- emptyregdb.dat
11/02/2008 20.49.18 749 byte 8 days old -- nwc.cpl.manifest
11/02/2008 20.49.18 749 byte 8 days old -- ncpa.cpl.manifest
11/02/2008 20.49.19 749 byte 8 days old -- cdplayer.exe.manifest
11/02/2008 20.49.19 749 byte 8 days old -- sapi.cpl.manifest
11/02/2008 20.49.19 749 byte 8 days old -- wuaucpl.cpl.manifest
11/02/2008 20.49.27 488 byte 8 days old -- logonui.exe.manifest
11/02/2008 20.49.27 488 byte 8 days old -- WindowsLogon.manifest
11/02/2008 20.50.19 (DIR) 0 byte 8 days old -- ias
11/02/2008 20.51.04 2885 byte 8 days old -- CONFIG.NT
11/02/2008 20.51.18 (DIR) 0 byte 8 days old -- xircom
11/02/2008 20.51.18 (DIR) 0 byte 8 days old -- wbem
11/02/2008 20.53.47 287 byte 8 days old -- $winnt$.inf
11/02/2008 20.54.59 (DIR) 0 byte 8 days old -- Microsoft
11/02/2008 21.10.49 (DIR) 0 byte 8 days old -- URTTemp
11/02/2008 21.11.27 (DIR) 0 byte 8 days old -- mui
11/02/2008 21.12.25 (DIR) 0 byte 8 days old -- oobe
11/02/2008 21.14.11 (DIR) 0 byte 8 days old -- ReinstallBackups
11/02/2008 21.17.04 658 byte 8 days old -- InstallUtil.InstallLog
11/02/2008 21.17.46 23392 byte 8 days old -- nscompat.tlb
11/02/2008 21.17.46 16832 byte 8 days old -- amcompat.tlb
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1054
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1042
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- wins
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 2052
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1025
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1037
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1031
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- ShellExt
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1041
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 1028
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 3076
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- dhcp
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- export
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- IME
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- 3com_dmi
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- inetsrv
11/02/2008 21.30.17 (DIR) 0 byte 8 days old -- 1033
11/02/2008 21.30.54 (DIR) 0 byte 8 days old -- icsxml
11/02/2008 21.31.25 (DIR) 0 byte 8 days old -- ras
11/02/2008 21.32.12 (DIR) 0 byte 8 days old -- 1040
11/02/2008 21.35.30 (DIR) 0 byte 8 days old -- npp
11/02/2008 21.36.03 (DIR) 0 byte 8 days old -- usmt
11/02/2008 21.36.11 (DIR) 0 byte 8 days old -- Setup
11/02/2008 21.37.46 (DIR) 0 byte 8 days old -- CatRoot
11/02/2008 21.44.06 0 byte 8 days old -- h323log.txt
11/02/2008 21.55.54 (DIR) 0 byte 8 days old -- Samsung_USB_Drivers
11/02/2008 22.47.40 (DIR) 0 byte 8 days old -- SoftwareDistribution
11/02/2008 22.52.34 (DIR) 0 byte 8 days old -- Macromed
11/02/2008 23.05.26 (DIR) 0 byte 8 days old -- PreInstall
12/02/2008 13.01.21 9790 byte 7 days old -- jupdate-1.5.0_11-b03.log
12/02/2008 18.34.52 (DIR) 0 byte 7 days old -- Com
12/02/2008 21.52.06 138774 byte 7 days old -- TZLog.log

----- recent files in C:\WINDOWS\system32\drivers\
14/02/2008 10.51.26 821856 byte 5 days old -- avg7core.sys
14/02/2008 10.51.32 4224 byte 5 days old -- avg7rsw.sys
14/02/2008 10.51.35 27776 byte 5 days old -- avg7rsxp.sys
14/02/2008 19.00.38 26952 byte 5 days old -- avgmfx86.sys
14/02/2008 19.00.46 10760 byte 5 days old -- avgclean.sys
18/02/2008 19.51.02 (DIR) 0 byte 1 days old -- etc
11/02/2008 21.12.53 1714 byte 8 days old -- 103C_HP_NTBK_HP Compaq nx6110 (PY496ET#ABZ)_YN_0U_QCNU547079M_EU_46_I3088_SHP_VKBC Version 39.1D_B68DTD Ver. F.0B_T050916_WXH2_L410_M504_J40_7Intel_8Celeron M_91.4_#080211_N14E4170C_(PY496ET#ABZ)_XMOBILE_CN10.MRK
11/02/2008 21.29.10 (DIR) 0 byte 8 days old -- disdn
12/02/2008 20.00.39 74240 byte 7 days old -- iksyssec.sys
12/02/2008 20.00.42 56832 byte 7 days old -- iksysflt.sys

----- recent files in C:\WINDOWS\temp\
14/02/2008 19.55.39 255 byte 5 days old -- DFC5A2B2.TMP
18/02/2008 20.59.39 (DIR) 0 byte 1 days old -- Temporary Internet Files
18/02/2008 20.59.40 (DIR) 0 byte 1 days old -- History
18/02/2008 20.59.40 (DIR) 0 byte 1 days old -- Cookies

----- recent files in C:\Programmi\
13/02/2008 20.42.06 (DIR) 0 byte 6 days old -- Internet Explorer
14/02/2008 10.51.13 (DIR) 0 byte 5 days old -- Grisoft
14/02/2008 10.56.55 (DIR) 0 byte 5 days old -- Trend Micro
14/02/2008 11.06.04 (DIR) 0 byte 5 days old -- ZipGenius 6
14/02/2008 18.23.54 (DIR) 0 byte 5 days old -- GIMP-2.0
14/02/2008 19.36.28 (DIR) 0 byte 5 days old -- PhotoFiltre
14/02/2008 23.22.32 (DIR) 0 byte 5 days old -- uTorrent
15/02/2008 14.04.07 (DIR) 0 byte 4 days old -- Hewlett-Packard
15/02/2008 14.08.51 (DIR) 0 byte 4 days old -- CyberLink DVD Solution
15/02/2008 14.10.14 (DIR) 0 byte 4 days old -- Ahead
15/02/2008 14.14.46 (DIR) 0 byte 4 days old -- InstallShield Installation Information
15/02/2008 14.15.49 (DIR) 0 byte 4 days old -- lg_fwupdate
15/02/2008 14.19.28 (DIR) 0 byte 4 days old -- HP
15/02/2008 20.10.29 (DIR) 0 byte 4 days old -- Microsoft CAPICOM 2.1.0.2
15/02/2008 22.56.12 (DIR) 0 byte 4 days old -- Microsoft SQL Server Compact Edition
15/02/2008 23.03.07 (DIR) 0 byte 4 days old -- Windows Live
15/02/2008 23.09.16 (DIR) 0 byte 4 days old -- Windows Live Favorites
15/02/2008 23.10.06 (DIR) 0 byte 4 days old -- Windows Live Toolbar
16/02/2008 13.31.12 (DIR) 0 byte 3 days old -- Adobe CS3
16/02/2008 16.23.47 (DIR) 0 byte 3 days old -- Messenger Plus! Live
16/02/2008 18.19.23 (DIR) 0 byte 3 days old -- File comuni
16/02/2008 19.03.30 (DIR) 0 byte 3 days old -- Bonjour
16/02/2008 19.11.53 (DIR) 0 byte 3 days old -- Adobe
17/02/2008 10.15.23 (DIR) 0 byte 2 days old -- eMule
17/02/2008 18.38.11 (DIR) 0 byte 2 days old -- Mozilla Thunderbird
18/02/2008 15.18.43 (DIR) 0 byte 1 days old -- a-squared Anti-Dialer
18/02/2008 19.45.48 (DIR) 0 byte 1 days old -- Spyware Doctor
18/02/2008 23.24.37 (DIR) 0 byte 1 days old -- Mozilla Firefox
19/02/2008 12.07.21 (DIR) 0 byte 0 days old -- Free Download Manager
11/02/2008 20.46.00 (DIR) 0 byte 8 days old -- Windows NT
11/02/2008 20.46.10 (DIR) 0 byte 8 days old -- MSN Gaming Zone
11/02/2008 20.47.13 (DIR) 0 byte 8 days old -- ComPlus Applications
11/02/2008 20.47.58 (DIR) 0 byte 8 days old -- Movie Maker
11/02/2008 20.48.14 (DIR) 0 byte 8 days old -- NetMeeting
11/02/2008 20.49.05 (DIR) 0 byte 8 days old -- Servizi in linea
11/02/2008 20.49.11 (DIR) 0 byte 8 days old -- WindowsUpdate
11/02/2008 20.51.18 (DIR) 0 byte 8 days old -- microsoft frontpage
11/02/2008 20.51.18 (DIR) 0 byte 8 days old -- xerox
11/02/2008 20.57.26 (DIR) 0 byte 8 days old -- Uninstall Information
11/02/2008 21.00.06 (DIR) 0 byte 8 days old -- Analog Devices
11/02/2008 21.01.27 (DIR) 0 byte 8 days old -- Broadcom
11/02/2008 21.03.29 (DIR) 0 byte 8 days old -- Synaptics
11/02/2008 21.15.50 (DIR) 0 byte 8 days old -- HPQ
11/02/2008 21.17.00 (DIR) 0 byte 8 days old -- Windows Media Connect
11/02/2008 21.18.42 (DIR) 0 byte 8 days old -- InterVideo
11/02/2008 21.19.45 (DIR) 0 byte 8 days old -- Intel
11/02/2008 21.55.52 (DIR) 0 byte 8 days old -- Samsung
11/02/2008 22.31.23 (DIR) 0 byte 8 days old -- foobar2000
11/02/2008 22.31.58 (DIR) 0 byte 8 days old -- Sygate
11/02/2008 22.33.21 (DIR) 0 byte 8 days old -- KeePass Password Safe
12/02/2008 10.21.24 (DIR) 0 byte 7 days old -- Easy Thumbnails
12/02/2008 10.35.51 (DIR) 0 byte 7 days old -- Microsoft.NET
12/02/2008 10.37.13 (DIR) 0 byte 7 days old -- Microsoft Visual Studio
12/02/2008 10.37.32 (DIR) 0 byte 7 days old -- Microsoft Office
12/02/2008 10.37.53 (DIR) 0 byte 7 days old -- MSBuild
12/02/2008 10.38.14 (DIR) 0 byte 7 days old -- Microsoft Works
12/02/2008 11.50.54 (DIR) 0 byte 7 days old -- CCleaner
12/02/2008 12.03.10 (DIR) 0 byte 7 days old -- smartision
12/02/2008 12.11.52 (DIR) 0 byte 7 days old -- Macromedia
12/02/2008 12.23.23 (DIR) 0 byte 7 days old -- 7-Zip
12/02/2008 12.42.32 (DIR) 0 byte 7 days old -- VideoLAN
12/02/2008 12.46.23 (DIR) 0 byte 7 days old -- K-Lite Codec Pack
12/02/2008 12.50.27 (DIR) 0 byte 7 days old -- Unlocker
12/02/2008 12.57.55 (DIR) 0 byte 7 days old -- WinRAR
12/02/2008 13.01.21 (DIR) 0 byte 7 days old -- Java
12/02/2008 18.31.00 (DIR) 0 byte 7 days old -- Messenger
12/02/2008 18.38.03 (DIR) 0 byte 7 days old -- Windows Media Player
12/02/2008 20.53.08 (DIR) 0 byte 7 days old -- Outlook Express
12/02/2008 21.46.43 (DIR) 0 byte 7 days old -- MSXML 4.0

----- recent files in C:\Programmi\File comuni\
15/02/2008 14.09.33 (DIR) 0 byte 4 days old -- Ahead
15/02/2008 22.07.29 (DIR) 0 byte 4 days old -- WindowsLiveInstaller
15/02/2008 22.08.20 (DIR) 0 byte 4 days old -- Microsoft Shared
16/02/2008 18.19.23 (DIR) 0 byte 3 days old -- Macrovision Shared
16/02/2008 19.03.13 (DIR) 0 byte 3 days old -- Adobe
11/02/2008 20.48.09 (DIR) 0 byte 8 days old -- MSSoap
11/02/2008 20.48.12 (DIR) 0 byte 8 days old -- Services
11/02/2008 21.03.27 (DIR) 0 byte 8 days old -- InstallShield
11/02/2008 21.14.53 (DIR) 0 byte 8 days old -- Java
11/02/2008 21.40.11 (DIR) 0 byte 8 days old -- SpeechEngines
11/02/2008 21.40.16 (DIR) 0 byte 8 days old -- ODBC
11/02/2008 22.31.40 (DIR) 0 byte 8 days old -- Wise Installation Wizard
11/02/2008 22.32.28 (DIR) 0 byte 8 days old -- GTK
12/02/2008 10.37.12 (DIR) 0 byte 7 days old -- DESIGNER
12/02/2008 12.09.26 (DIR) 0 byte 7 days old -- Macromedia
12/02/2008 20.53.07 (DIR) 0 byte 7 days old -- System

----- recent files in C:\Documents and Settings\amelio\Dati applicazioni\
14/02/2008 19.17.33 (DIR) 0 byte 5 days old -- ZipGenius
14/02/2008 23.51.04 (DIR) 0 byte 5 days old -- Sun
15/02/2008 16.55.49 (DIR) 0 byte 4 days old -- gtk-2.0
15/02/2008 23.11.03 (DIR) 0 byte 4 days old -- Talkback
16/02/2008 11.20.26 (DIR) 0 byte 3 days old -- Microsoft
16/02/2008 13.42.42 (DIR) 0 byte 3 days old -- foobar2000
16/02/2008 17.50.42 252 byte 3 days old -- mainhst.zgh
18/02/2008 13.51.06 (DIR) 0 byte 1 days old -- Adobe
18/02/2008 13.51.44 (DIR) 0 byte 1 days old -- uTorrent
18/02/2008 15.10.32 (DIR) 0 byte 1 days old -- AVG7
18/02/2008 23.43.02 (DIR) 0 byte 1 days old -- SiteAdvisor
19/02/2008 13.14.00 (DIR) 0 byte 0 days old -- Free Download Manager
11/02/2008 20.57.29 (DIR) 0 byte 8 days old -- Identities
11/02/2008 21.38.01 62 byte 8 days old -- desktop.ini
11/02/2008 21.58.30 (DIR) 0 byte 8 days old -- SAMSUNG
11/02/2008 22.23.30 (DIR) 0 byte 8 days old -- Macromedia
12/02/2008 10.09.43 (DIR) 0 byte 7 days old -- PC Tools
12/02/2008 11.07.50 (DIR) 0 byte 7 days old -- URSoft
12/02/2008 12.37.30 (DIR) 0 byte 7 days old -- Easy Thumbnails
12/02/2008 12.44.00 (DIR) 0 byte 7 days old -- vlc
12/02/2008 12.46.18 (DIR) 0 byte 7 days old -- Real
12/02/2008 14.00.21 (DIR) 0 byte 7 days old -- Thunderbird
12/02/2008 14.00.23 (DIR) 0 byte 7 days old -- Mozilla

----- recent files in C:\DOCUME~1\amelio\IMPOST~1\Temp\
13/02/2008 21.15.48 255 byte 6 days old -- DFC5A2B2.TMP
18/02/2008 20.47.31 (DIR) 0 byte 1 days old -- ZGTemp
18/02/2008 21.07.32 32768 byte 1 days old -- ~DFE018.tmp
18/02/2008 21.59.53 32768 byte 1 days old -- ~DF1A24.tmp
18/02/2008 22.20.13 16384 byte 1 days old -- ~DF3450.tmp
18/02/2008 22.20.13 16384 byte 1 days old -- ~DF3447.tmp
18/02/2008 22.20.13 (DIR) 0 byte 1 days old -- nstE.tmp
18/02/2008 22.41.33 (DIR) 0 byte 1 days old -- nstF.tmp
19/02/2008 12.07.21 478 byte 0 days old -- bt1632.bat
19/02/2008 12.51.27 16384 byte 0 days old -- ~DF23E8.tmp
19/02/2008 12.54.57 (DIR) 0 byte 0 days old -- nsi2.tmp
19/02/2008 13.19.06 25 byte 0 days old -- systemscan.ini
19/02/2008 13.19.08 16384 byte 0 days old -- ~DFDBB5.tmp
19/02/2008 13.19.29 (DIR) 0 byte 0 days old -- nsi3.tmp

===================== Duplicated files in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe\00\00\14\00\00\00\00\00\1e\14\008\009\005\007\00\00`ŭ\0c\00\0d\00ÜĈB\00\00\00\00\00\00\00\00\00\0c\00\04\01¸ġB\00\18\00\06\02\1e\14"
"WatchDog"="C:\Programmi\InterVideo\DVD Check\DVDCheck.exe"
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"SDTray"="\"C:\Programmi\Spyware Doctor\SDTrayApp.exe\""

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[Run\AdobeUpdater]
@=""

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
#### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
#### HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InprocServer32 @="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
@=""

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Programmi\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

[Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
#### HKCR\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\InprocServer32 @="C:\Programmi\Free Download Manager\iefdmcks.dll"
"NoExplorer"=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000424

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\amelio\Impostazioni locali\Temp\Rar$EX39.921\emule\eMule.exe"="C:\Documents and Settings\amelio\Impostazioni locali\Temp\Rar$EX39.921\emule\eMule.exe:*:Enabled:eMule"
"C:\Documents and Settings\amelio\Impostazioni locali\Temp\Rar$EX00.516\emule\eMule.exe"="C:\Documents and Settings\amelio\Impostazioni locali\Temp\Rar$EX00.516\emule\eMule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgamsvr.exe"="C:\Programmi\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG7\avgcc.exe"="C:\Programmi\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Sec
All times are GMT + 2 hours