Virus that gives me an error when I open folders and videos

maddog79
Hero in the gods' favor
Registered: 02/02/08 13:22
Posts: 159

Posted: 29 Mar 2008 12:21    Subject: Virus that gives me an error when I open folders and videos

Hello everyone, I've caught a virus that gives me an error when I try to open a video or a folder, mostly from Internet Explorer. Does anyone know this virus and can suggest an effective remedy? Thanks

bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 29 Mar 2008 12:31

My crystal-ball diagnoses don't turn out too well... :P

Carry out these steps:

maddog79
Posted: 29 Mar 2008 14:56

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/03/09 20:10:13

Norman Scanner Engine Version: 5.91.10
Nvcbin.def Version: 5.90.00, Date: 2008/03/09 20:10:13, Variants: 1383781

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
Logged on user: CASA-VALERIO\Valerio


Scan started: 29/03/2008 13:34:17


Scanning running processes and process memory...

Number of processes/threads found: 2275
Number of processes/threads scanned: 2275
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 22s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown0 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown1 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown2 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown3 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown4 (Error whilst scanning file: I/O Error)

C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown5 (Error whilst scanning file: I/O Error)

C:\Programmi\DVDFab Platinum 3\DVDFabPlatinum.exe (Infected with W32/Suspicious_N.gen)
Deleted file

C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

C:\System Volume Information\_RESTO~1\RP66\A0016908.exe (Infected with W32/Suspicious_N.gen)
Deleted file

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:
Failed to set registry value (0x00000005): HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Number of files found: 73243
Number of archives unpacked: 313
Number of files scanned: 73205
Number of files not scanned: 38
Number of files skipped due to exclude list: 0
Number of infected files found: 3
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 15m 57s

maddog79
Posted: 29 Mar 2008 15:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.26.12, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202288280468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202296154062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDCC9D8-A663-492A-AE05-FA6CBB276160}: NameServer = 213.205.36.70 213.205.32.70
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6770 bytes

bdoriano
Posted: 29 Mar 2008 15:41

Something shows up, but the ComboFix log is missing. :P

maddog79
Posted: 29 Mar 2008 15:58

When I open ComboFix it tells me there are viruses and won't let me start it.

bdoriano
Posted: 29 Mar 2008 16:04

:shock:

Run this scan with SystemScan and post the log on FreeFileHosting as described here.

maddog79
Posted: 29 Mar 2008 16:28

ComboFix 08-03-27.5 - Valerio 2008-03-29 15.23.04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1612 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Valerio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Valerio\Dati applicazioni\inst.exe
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-29 )))))))))))))))))))))))))))))))))))
.

2008-03-29 14:51 . 2008-03-29 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-29 14:50 . 2008-03-29 14:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 14:26 . 2008-03-29 14:26 <DIR> d-------- C:\Programmi\Trend Micro
2008-03-29 14:02 . 2008-03-29 14:03 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-03-29 12:28 . 2008-03-29 12:28 <DIR> d-------- C:\Programmi\CCleaner
2008-03-29 09:59 . 2008-03-29 09:59 <DIR> d-------- C:\Programmi\Avira
2008-03-29 09:59 . 2008-03-29 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-03-21 17:48 . 2008-03-21 17:48 <DIR> d-------- C:\Programmi\Control Viewer
2008-03-21 13:28 . 2008-03-21 14:15 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\BitTorrent
2008-03-21 13:27 . 2008-03-21 13:27 <DIR> d-------- C:\Programmi\DNA
2008-03-21 13:27 . 2008-03-21 13:34 <DIR> d-------- C:\Programmi\BitTorrent
2008-03-21 13:27 . 2008-03-29 15:23 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\DNA
2008-03-18 19:32 . 2008-03-19 20:27 <DIR> d-------- C:\Programmi\eMule2
2008-03-18 17:08 . 2008-03-18 17:08 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-03-18 17:08 . 2008-03-29 10:47 <DIR> d-------- C:\Programmi\PFConfig
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\Programmi\FLV Player
2008-03-16 21:51 . 2008-03-16 21:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-16 21:51 . 2008-03-16 21:51 232 --ah----- C:\sqmdata19.sqm
2008-03-16 20:17 . 2008-03-16 20:17 244 --ah----- C:\sqmnoopt18.sqm
2008-03-16 20:17 . 2008-03-16 20:17 232 --ah----- C:\sqmdata18.sqm
2008-03-16 19:24 . 2008-03-29 14:29 <DIR> d-------- C:\Programmi\eMule
2008-03-16 19:24 . 2008-03-16 19:24 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\eMule
2008-03-16 15:01 . 2008-03-16 15:01 244 --ah----- C:\sqmnoopt17.sqm
2008-03-16 15:01 . 2008-03-16 15:01 232 --ah----- C:\sqmdata17.sqm
2008-03-15 19:08 . 2008-03-15 19:08 244 --ah----- C:\sqmnoopt16.sqm
2008-03-15 19:08 . 2008-03-15 19:08 232 --ah----- C:\sqmdata16.sqm
2008-03-15 12:05 . 2008-03-15 12:05 244 --ah----- C:\sqmnoopt15.sqm
2008-03-15 12:05 . 2008-03-15 12:05 232 --ah----- C:\sqmdata15.sqm
2008-03-14 19:30 . 2008-03-14 19:30 244 --ah----- C:\sqmnoopt14.sqm
2008-03-14 19:30 . 2008-03-14 19:30 232 --ah----- C:\sqmdata14.sqm
2008-03-13 20:37 . 2008-03-13 20:37 244 --ah----- C:\sqmnoopt13.sqm
2008-03-13 20:37 . 2008-03-13 20:37 232 --ah----- C:\sqmdata13.sqm
2008-03-13 17:20 . 2008-03-13 17:20 244 --ah----- C:\sqmnoopt12.sqm
2008-03-13 17:20 . 2008-03-13 17:20 232 --ah----- C:\sqmdata12.sqm
2008-03-12 23:34 . 2008-03-12 23:34 244 --ah----- C:\sqmnoopt11.sqm
2008-03-12 23:34 . 2008-03-12 23:34 232 --ah----- C:\sqmdata11.sqm
2008-03-12 19:20 . 2008-03-12 19:20 244 --ah----- C:\sqmnoopt10.sqm
2008-03-12 19:20 . 2008-03-12 19:20 232 --ah----- C:\sqmdata10.sqm
2008-03-12 16:23 . 2008-03-12 16:23 244 --ah----- C:\sqmnoopt09.sqm
2008-03-12 16:23 . 2008-03-12 16:23 232 --ah----- C:\sqmdata09.sqm
2008-03-11 22:10 . 2008-03-19 20:29 244 --ah----- C:\sqmnoopt08.sqm
2008-03-11 22:10 . 2008-03-19 20:29 232 --ah----- C:\sqmdata08.sqm
2008-03-11 18:21 . 2008-03-19 18:39 244 --ah----- C:\sqmnoopt07.sqm
2008-03-11 18:21 . 2008-03-19 18:39 232 --ah----- C:\sqmdata07.sqm
2008-03-10 20:24 . 2008-03-19 17:29 244 --ah----- C:\sqmnoopt06.sqm
2008-03-10 20:24 . 2008-03-19 17:29 232 --ah----- C:\sqmdata06.sqm
2008-03-10 15:54 . 2008-03-18 20:38 244 --ah----- C:\sqmnoopt05.sqm
2008-03-10 15:54 . 2008-03-18 20:38 232 --ah----- C:\sqmdata05.sqm
2008-03-10 11:05 . 2008-03-17 20:27 244 --ah----- C:\sqmnoopt04.sqm
2008-03-10 11:05 . 2008-03-17 20:27 232 --ah----- C:\sqmdata04.sqm
2008-03-09 23:58 . 2008-03-17 16:40 244 --ah----- C:\sqmnoopt03.sqm
2008-03-09 23:58 . 2008-03-17 16:40 232 --ah----- C:\sqmdata03.sqm
2008-03-09 11:57 . 2008-03-17 13:44 244 --ah----- C:\sqmnoopt02.sqm
2008-03-09 11:57 . 2008-03-17 13:44 232 --ah----- C:\sqmdata02.sqm
2008-03-08 20:28 . 2008-03-17 09:37 244 --ah----- C:\sqmnoopt01.sqm
2008-03-08 20:28 . 2008-03-17 09:37 232 --ah----- C:\sqmdata01.sqm
2008-03-08 17:47 . 2008-03-17 07:05 244 --ah----- C:\sqmnoopt00.sqm
2008-03-08 17:47 . 2008-03-17 07:05 232 --ah----- C:\sqmdata00.sqm
2008-03-01 10:58 . 2008-03-01 11:02 <DIR> d-------- C:\Programmi\CViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 14:07 --------- d-----w C:\Programmi\FPA
2008-03-29 13:37 47,360 ----a-w C:\Documents and Settings\Valerio\Dati applicazioni\pcouffin.sys
2008-03-29 13:37 --------- d-----w C:\Programmi\DVDFab Platinum 3
2008-03-29 13:37 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Vso
2008-03-29 13:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-03-07 07:45 --------- d-----w C:\Programmi\Hattrick Control
2008-02-19 08:35 --------- d-----w C:\Programmi\MSXML 4.0
2008-02-14 16:21 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Nero
2008-02-14 16:08 --------- d-----w C:\Programmi\Ahead
2008-02-12 18:52 --------- d-----w C:\Programmi\IrfanView
2008-02-09 16:13 --------- d-----w C:\Programmi\CONEXANT
2008-02-09 13:55 --------- d-----w C:\Programmi\C6 Messenger
2008-02-09 13:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-09 13:20 --------- d-----w C:\Programmi\Virgilio Toolbar
2008-02-07 18:27 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Sports Interactive
2008-02-07 17:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-07 14:50 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-07 14:50 --------- d-----w C:\Programmi\Windows Live
2008-02-07 13:37 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-07 13:03 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-02-07 11:30 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-02-06 18:17 --------- d-----w C:\Programmi\Microsoft.NET
2008-02-06 13:18 --------- d-----w C:\Programmi\Alwil Software
2008-02-06 13:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2008-02-06 08:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-06 08:12 --------- d--h--r C:\Documents and Settings\Valerio\Dati applicazioni\SecuROM
2008-02-06 08:03 --------- d--h--w C:\Programmi\Zero G Registry
2008-02-06 08:03 --------- d-----w C:\Programmi\Sports Interactive
2008-02-06 07:56 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-06 07:56 --------- d-----w C:\Programmi\File comuni\snpstd
2008-02-06 07:53 --------- d-----w C:\Programmi\Analog Devices
2008-02-06 07:51 --------- d-----w C:\Programmi\DIFX
2008-02-06 07:09 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-02-05 21:44 --------- d-----w C:\Programmi\microsoft frontpage
2008-02-05 21:43 --------- d-----w C:\Programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-03-28 11:42 288576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 07:37 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 13:08 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 10:34 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\ESUpdate.exe"=
"C:\\Programmi\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"C:\\Programmi\\C6 Messenger\\c6Messenger.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\eMule2\\emule.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 15:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-29 15:26:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 14:26:19
7 Directory 236,813,590,528 byte disponibili
10 Directory 236,757,725,184 byte disponibili
.
2008-03-21 14:29:51 --- E O F ---

maddog79
Posted: 29 Mar 2008 16:34

SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Valerio\Desktop\sys93255.exe
Running in: User mode
Date: 29/03/2008
Time: 15.26.55

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Linda
| SUPPORT_388945a0 (Disabled)
Yes | Valerio

### users folders

05/02/2008 22.43.49 (DIR) 0 byte 53 days old -- All Users
05/02/2008 22.46.45 (DIR) 0 byte 53 days old -- NetworkService
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- LocalService
07/02/2008 16.08.30 (DIR) 0 byte 51 days old -- Default User
28/03/2008 17.21.14 (DIR) 0 byte 1 days old -- Linda
29/03/2008 15.23.48 (DIR) 0 byte 0 days old -- Valerio

### startup files in users folders

C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Valerio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== Recent files (60 days old) =====================

----- recent files in C:\
05/02/2008 22.44.27 0 byte 53 days old -- CONFIG.SYS
05/02/2008 22.44.27 0 byte 53 days old -- IO.SYS
05/02/2008 22.44.27 0 byte 53 days old -- MSDOS.SYS
05/02/2008 22.44.27 0 byte 53 days old -- AUTOEXEC.BAT
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- System Volume Information
06/02/2008 08.50.43 223 byte 52 days old -- boot.ini
06/02/2008 21.21.28 (DIR) 0 byte 52 days old -- Documents and Settings
08/02/2008 20.37.02 (DIR) 0 byte 50 days old -- RECYCLER
10/02/2008 17.06.43 (DIR) 0 byte 48 days old -- Program Files
12/03/2008 16.23.08 244 byte 17 days old -- sqmnoopt09.sqm
12/03/2008 16.23.08 232 byte 17 days old -- sqmdata09.sqm
12/03/2008 19.20.55 232 byte 17 days old -- sqmdata10.sqm
12/03/2008 19.20.55 244 byte 17 days old -- sqmnoopt10.sqm
12/03/2008 23.34.29 244 byte 17 days old -- sqmnoopt11.sqm
12/03/2008 23.34.29 232 byte 17 days old -- sqmdata11.sqm
13/03/2008 17.20.39 244 byte 16 days old -- sqmnoopt12.sqm
13/03/2008 17.20.39 232 byte 16 days old -- sqmdata12.sqm
13/03/2008 20.37.11 244 byte 16 days old -- sqmnoopt13.sqm
13/03/2008 20.37.11 232 byte 16 days old -- sqmdata13.sqm
14/03/2008 19.30.07 244 byte 15 days old -- sqmnoopt14.sqm
14/03/2008 19.30.07 232 byte 15 days old -- sqmdata14.sqm
15/03/2008 12.05.10 244 byte 14 days old -- sqmnoopt15.sqm
15/03/2008 12.05.10 232 byte 14 days old -- sqmdata15.sqm
15/03/2008 19.08.40 232 byte 14 days old -- sqmdata16.sqm
15/03/2008 19.08.40 244 byte 14 days old -- sqmnoopt16.sqm
16/03/2008 15.01.52 232 byte 13 days old -- sqmdata17.sqm
16/03/2008 15.01.52 244 byte 13 days old -- sqmnoopt17.sqm
16/03/2008 20.17.36 244 byte 13 days old -- sqmnoopt18.sqm
16/03/2008 20.17.36 232 byte 13 days old -- sqmdata18.sqm
16/03/2008 21.51.16 244 byte 13 days old -- sqmnoopt19.sqm
16/03/2008 21.51.16 232 byte 13 days old -- sqmdata19.sqm
17/03/2008 07.05.51 232 byte 12 days old -- sqmdata00.sqm
17/03/2008 07.05.51 244 byte 12 days old -- sqmnoopt00.sqm
17/03/2008 09.37.11 232 byte 12 days old -- sqmdata01.sqm
17/03/2008 09.37.11 244 byte 12 days old -- sqmnoopt01.sqm
17/03/2008 13.44.13 244 byte 12 days old -- sqmnoopt02.sqm
17/03/2008 13.44.13 232 byte 12 days old -- sqmdata02.sqm
17/03/2008 16.40.58 244 byte 12 days old -- sqmnoopt03.sqm
17/03/2008 16.40.58 232 byte 12 days old -- sqmdata03.sqm
17/03/2008 20.27.43 244 byte 12 days old -- sqmnoopt04.sqm
17/03/2008 20.27.43 232 byte 12 days old -- sqmdata04.sqm
18/03/2008 20.38.03 232 byte 11 days old -- sqmdata05.sqm
18/03/2008 20.38.03 244 byte 11 days old -- sqmnoopt05.sqm
19/03/2008 17.29.10 232 byte 10 days old -- sqmdata06.sqm
19/03/2008 17.29.10 244 byte 10 days old -- sqmnoopt06.sqm
19/03/2008 18.39.10 244 byte 10 days old -- sqmnoopt07.sqm
19/03/2008 18.39.11 232 byte 10 days old -- sqmdata07.sqm
19/03/2008 20.29.38 232 byte 10 days old -- sqmdata08.sqm
19/03/2008 20.29.38 244 byte 10 days old -- sqmnoopt08.sqm
28/03/2008 12.19.06 230424 byte 1 days old -- img1-001.raw
29/03/2008 13.42.00 518 byte 0 days old -- InfoSat.txt
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- Programmi
29/03/2008 15.11.41 (DIR) 0 byte 0 days old -- Config.Msi
29/03/2008 15.24.41 2145386496 byte 0 days old -- pagefile.sys
29/03/2008 15.25.28 53 byte 0 days old -- biosinfo
29/03/2008 15.25.37 (DIR) 0 byte 0 days old -- WINDOWS
29/03/2008 15.26.19 (DIR) 0 byte 0 days old -- QooBox
29/03/2008 15.26.22 11853 byte 0 days old -- ComboFix.txt
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- msapps
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Driver Cache
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Config
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- addins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Provisioning
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Connection Wizard
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- repair
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- java
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Resources
05/02/2008 22.41.02 37 byte 53 days old -- vbaddin.ini
05/02/2008 22.41.02 36 byte 53 days old -- vb.ini
05/02/2008 22.41.46 (DIR) 0 byte 53 days old -- pchealth
05/02/2008 22.42.41 (DIR) 0 byte 53 days old -- twain_32
05/02/2008 22.43.27 (DIR) 0 byte 53 days old -- srchasst
05/02/2008 22.43.39 749 byte 53 days old -- WindowsShell.Manifest
05/02/2008 22.43.43 (DIR) 0 byte 53 days old -- Offline Web Pages
05/02/2008 22.43.45 (DIR) 0 byte 53 days old -- Web
05/02/2008 22.44.13 (DIR) 0 byte 53 days old -- Registration
05/02/2008 22.44.17 4161 byte 53 days old -- ODBCINST.INI
05/02/2008 22.44.27 0 byte 53 days old -- control.ini
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- ime
05/02/2008 22.46.48 8192 byte 53 days old -- REGLOCS.OLD
05/02/2008 22.47.14 (DIR) 0 byte 53 days old -- PeerNet
05/02/2008 22.52.03 0 byte 53 days old -- Sti_Trace.log
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Tasks
06/02/2008 03.00.23 (DIR) 0 byte 52 days old -- security
06/02/2008 08.12.04 (DIR) 0 byte 52 days old -- nview
06/02/2008 08.13.47 0 byte 52 days old -- msicpl.ini
06/02/2008 08.30.40 25044 byte 52 days old -- Ascd_tmp.ini
06/02/2008 08.48.16 (DIR) 0 byte 52 days old -- AsDmiHtm
06/02/2008 08.52.22 (DIR) 0 byte 52 days old -- $NtUninstallKB888111WXPSP2$
06/02/2008 08.53.52 0 byte 52 days old -- AS_Debug.txt
06/02/2008 10.17.51 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 15.39.01 (DIR) 0 byte 52 days old -- $MSI31Uninstall_KB893803v2$
06/02/2008 15.39.05 (DIR) 0 byte 52 days old -- $NtUninstallKB898461$
06/02/2008 19.15.05 (DIR) 0 byte 52 days old -- system
06/02/2008 19.17.24 (DIR) 0 byte 52 days old -- SHELLNEW
06/02/2008 20.43.24 (DIR) 0 byte 52 days old -- $NtUninstallKB873339$
06/02/2008 20.43.28 (DIR) 0 byte 52 days old -- $NtUninstallKB886185$
06/02/2008 20.43.31 (DIR) 0 byte 52 days old -- $NtUninstallKB885836$
06/02/2008 20.43.33 (DIR) 0 byte 52 days old -- $NtUninstallKB888302$
06/02/2008 20.43.35 (DIR) 0 byte 52 days old -- $NtUninstallKB887472$
06/02/2008 20.43.38 (DIR) 0 byte 52 days old -- $NtUninstallKB891781$
06/02/2008 20.43.41 (DIR) 0 byte 52 days old -- $NtUninstallKB885835$
06/02/2008 20.43.44 (DIR) 0 byte 52 days old -- $NtUninstallKB896428$
06/02/2008 20.43.47 (DIR) 0 byte 52 days old -- $NtUninstallKB901214$
06/02/2008 20.43.50 (DIR) 0 byte 52 days old -- $NtUninstallKB890859$
06/02/2008 20.43.55 (DIR) 0 byte 52 days old -- $NtUninstallKB896358$
06/02/2008 20.43.57 (DIR) 0 byte 52 days old -- $NtUninstallKB893756$
06/02/2008 20.44.00 (DIR) 0 byte 52 days old -- $NtUninstallKB899591$
06/02/2008 20.44.03 (DIR) 0 byte 52 days old -- $NtUninstallKB899587$
06/02/2008 20.44.05 (DIR) 0 byte 52 days old -- $NtUninstallKB896423$
06/02/2008 20.44.08 (DIR) 0 byte 52 days old -- $NtUninstallKB894391$
06/02/2008 20.44.11 (DIR) 0 byte 52 days old -- $NtUninstallKB902400$
06/02/2008 20.44.17 (DIR) 0 byte 52 days old -- $NtUninstallKB901017$
06/02/2008 20.44.20 (DIR) 0 byte 52 days old -- $NtUninstallKB905414$
06/02/2008 20.44.22 (DIR) 0 byte 52 days old -- $NtUninstallKB905749$
06/02/2008 20.44.25 (DIR) 0 byte 52 days old -- $NtUninstallKB900725$
06/02/2008 20.44.30 (DIR) 0 byte 52 days old -- $NtUninstallKB910437$
06/02/2008 20.44.33 (DIR) 0 byte 52 days old -- $NtUninstallKB908519$
06/02/2008 20.44.35 (DIR) 0 byte 52 days old -- $NtUninstallKB911927$
06/02/2008 20.44.42 (DIR) 0 byte 52 days old -- $NtUninstallKB911564$
06/02/2008 20.44.46 (DIR) 0 byte 52 days old -- $NtUninstallKB911562$
06/02/2008 20.44.50 (DIR) 0 byte 52 days old -- $NtUninstallKB900485$
06/02/2008 20.44.52 (DIR) 0 byte 52 days old -- $NtUninstallKB908531$
06/02/2008 20.44.57 (DIR) 0 byte 52 days old -- $NtUninstallKB914389$
06/02/2008 20.44.59 (DIR) 0 byte 52 days old -- $NtUninstallKB917344$
06/02/2008 20.45.02 (DIR) 0 byte 52 days old -- $NtUninstallKB918439$
06/02/2008 20.45.05 (DIR) 0 byte 52 days old -- $NtUninstallKB913580$
06/02/2008 20.45.08 (DIR) 0 byte 52 days old -- $NtUninstallKB911280$
06/02/2008 20.45.11 (DIR) 0 byte 52 days old -- $NtUninstallKB914388$
06/02/2008 20.45.14 (DIR) 0 byte 52 days old -- $NtUninstallKB920670$
06/02/2008 20.45.16 (DIR) 0 byte 52 days old -- $NtUninstallKB920683$
06/02/2008 20.45.21 (DIR) 0 byte 52 days old -- $NtUninstallKB922582$
06/02/2008 20.45.24 (DIR) 0 byte 52 days old -- $NtUninstallKB916595$
06/02/2008 20.45.26 (DIR) 0 byte 52 days old -- $NtUninstallKB919007$
06/02/2008 20.45.29 (DIR) 0 byte 52 days old -- $NtUninstallKB920685$
06/02/2008 20.45.33 (DIR) 0 byte 52 days old -- $NtUninstallKB920872$
06/02/2008 20.45.35 (DIR) 0 byte 52 days old -- $NtUninstallKB923414$
06/02/2008 20.45.40 (DIR) 0 byte 52 days old -- $NtUninstallKB924496$
06/02/2008 20.45.43 (DIR) 0 byte 52 days old -- $NtUninstallKB923191$
06/02/2008 20.45.46 (DIR) 0 byte 52 days old -- $NtUninstallKB922819$
06/02/2008 20.45.49 (DIR) 0 byte 52 days old -- $NtUninstallKB924270$
06/02/2008 20.45.55 (DIR) 0 byte 52 days old -- $NtUninstallKB923980$
06/02/2008 20.45.58 (DIR) 0 byte 52 days old -- $NtUninstallKB926255$
06/02/2008 20.46.01 (DIR) 0 byte 52 days old -- $NtUninstallKB928255$
06/02/2008 20.46.06 (DIR) 0 byte 52 days old -- $NtUninstallKB928843$
06/02/2008 20.46.08 (DIR) 0 byte 52 days old -- $NtUninstallKB927802$
06/02/2008 20.46.10 (DIR) 0 byte 52 days old -- $NtUninstallKB924667$
06/02/2008 20.46.13 (DIR) 0 byte 52 days old -- $NtUninstallKB927779$
06/02/2008 20.46.16 (DIR) 0 byte 52 days old -- $NtUninstallKB918118$
06/02/2008 20.46.18 (DIR) 0 byte 52 days old -- $NtUninstallKB926436$
06/02/2008 20.46.22 (DIR) 0 byte 52 days old -- $NtUninstallKB925902$
06/02/2008 20.46.26 (DIR) 0 byte 52 days old -- $NtUninstallKB931784$
06/02/2008 20.46.31 (DIR) 0 byte 52 days old -- $NtUninstallKB930178$
06/02/2008 20.46.34 (DIR) 0 byte 52 days old -- $NtUninstallKB931261$
06/02/2008 20.46.36 (DIR) 0 byte 52 days old -- $NtUninstallKB932168$
06/02/2008 20.46.38 (DIR) 0 byte 52 days old -- $NtUninstallKB890046$
06/02/2008 20.46.42 (DIR) 0 byte 52 days old -- $NtUninstallKB920213$
06/02/2008 20.46.43 (DIR) 0 byte 52 days old -- $NtUninstallKB930916$
06/02/2008 20.46.47 (DIR) 0 byte 52 days old -- $NtUninstallKB927891$
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- $NtUninstallKB929123$
06/02/2008 20.46.54 (DIR) 0 byte 52 days old -- $NtUninstallKB935840$
06/02/2008 20.46.56 (DIR) 0 byte 52 days old -- $NtUninstallKB935839$
06/02/2008 20.47.03 (DIR) 0 byte 52 days old -- $NtUninstallKB925398_WMP64$
06/02/2008 20.47.05 (DIR) 0 byte 52 days old -- $NtUninstallKB938828$
06/02/2008 20.47.08 (DIR) 0 byte 52 days old -- $NtUninstallKB921503$
06/02/2008 20.47.11 (DIR) 0 byte 52 days old -- $NtUninstallKB938829$
06/02/2008 20.47.16 (DIR) 0 byte 52 days old -- $NtUninstallKB936782_WMP9$
06/02/2008 20.47.20 (DIR) 0 byte 52 days old -- $NtUninstallKB938127$
06/02/2008 20.47.23 (DIR) 0 byte 52 days old -- $NtUninstallKB936021$
06/02/2008 20.47.26 (DIR) 0 byte 52 days old -- $NtUninstallKB933729$
06/02/2008 20.47.28 (DIR) 0 byte 52 days old -- $NtUninstallKB941202$
06/02/2008 20.47.32 (DIR) 0 byte 52 days old -- $NtUninstallKB943460_0$
06/02/2008 20.48.37 (DIR) 0 byte 52 days old -- msagent
07/02/2008 12.21.40 (DIR) 0 byte 51 days old -- $NtUninstallKB904942$
07/02/2008 12.21.45 (DIR) 0 byte 51 days old -- $NtUninstallKB914440$
07/02/2008 12.21.46 (DIR) 0 byte 51 days old -- network diagnostic
07/02/2008 12.21.50 (DIR) 0 byte 51 days old -- $NtUninstallKB943460$
07/02/2008 12.22.16 (DIR) 0 byte 51 days old -- $NtUninstallKB915865$
07/02/2008 12.22.26 (DIR) 0 byte 51 days old -- $NtServicePackUninstallNLSDownlevelMapping$
07/02/2008 12.22.33 (DIR) 0 byte 51 days old -- $NtServicePackUninstallIDNMitigationAPIs$
07/02/2008 12.22.44 (DIR) 0 byte 51 days old -- ie7
07/02/2008 12.22.47 (DIR) 0 byte 51 days old -- Media
07/02/2008 12.22.49 (DIR) 0 byte 51 days old -- WBEM
07/02/2008 12.23.14 (DIR) 0 byte 51 days old -- ie7updates
07/02/2008 12.23.25 (DIR) 0 byte 51 days old -- $NtUninstallKB942763$
07/02/2008 12.23.29 (DIR) 0 byte 51 days old -- $NtUninstallKB941568$
07/02/2008 12.23.33 (DIR) 0 byte 51 days old -- $NtUninstallKB942615$
07/02/2008 12.23.36 (DIR) 0 byte 51 days old -- $NtUninstallKB944653$
07/02/2008 12.24.02 (DIR) 0 byte 51 days old -- $NtUninstallKB941569$
07/02/2008 12.24.04 (DIR) 0 byte 51 days old -- $NtUninstallKB941644$
07/02/2008 12.24.06 (DIR) 0 byte 51 days old -- $NtUninstallKB942840$
07/02/2008 12.24.09 (DIR) 0 byte 51 days old -- $NtUninstallKB943485$
07/02/2008 14.02.43 (DIR) 0 byte 51 days old -- $NtUninstallWudf01000$
07/02/2008 14.02.58 (DIR) 0 byte 51 days old -- $NtUninstallWMFDist11$
07/02/2008 14.03.04 316640 byte 51 days old -- WMSysPr9.prx
07/02/2008 14.03.19 (DIR) 0 byte 51 days old -- $NtUninstallwmp11$
07/02/2008 14.03.20 (DIR) 0 byte 51 days old -- Help
07/02/2008 14.03.28 (DIR) 0 byte 51 days old -- $NtUninstallMSCompPackV1$
07/02/2008 14.03.36 (DIR) 0 byte 51 days old -- $NtUninstallKB926239$
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- AppPatch
07/02/2008 16.20.50 (DIR) 0 byte 51 days old -- Downloaded Installations
08/02/2008 19.19.06 424 byte 50 days old -- ODBC.INI
09/02/2008 01.24.58 (DIR) 0 byte 49 days old -- $NtUninstallKB929399$
09/02/2008 01.25.05 (DIR) 0 byte 49 days old -- $NtUninstallKB936782_WMP11$
09/02/2008 01.25.13 (DIR) 0 byte 49 days old -- $NtUninstallKB939683$
09/02/2008 14.20.37 737280 byte 49 days old -- iun6002.exe
09/02/2008 17.12.50 70276 byte 49 days old -- ModemLog_SoftV92 Data Fax Modem.txt
10/02/2008 11.07.13 (DIR) 0 byte 48 days old -- Fonts
13/02/2008 10.19.46 (DIR) 0 byte 45 days old -- $NtUninstallKB946026$
13/02/2008 10.20.19 (DIR) 0 byte 45 days old -- $NtUninstallKB943055$
14/02/2008 17.19.56 (DIR) 0 byte 44 days old -- Cursors
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- WinSxS
18/03/2008 16.39.43 (DIR) 0 byte 11 days old -- Applian FLV Player
18/03/2008 17.08.09 (DIR) 0 byte 11 days old -- vbSkinner
20/03/2008 15.25.00 (DIR) 0 byte 9 days old -- $hf_mig$
28/03/2008 12.19.27 781 byte 1 days old -- win.ini
28/03/2008 20.33.58 14 byte 1 days old -- popcinfo.dat
29/03/2008 11.20.25 69 byte 0 days old -- NeroDigital.ini
29/03/2008 12.29.09 (DIR) 0 byte 0 days old -- Debug
29/03/2008 14.36.33 (DIR) 0 byte 0 days old -- Installer
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- inf
29/03/2008 14.51.00 (DIR) 0 byte 0 days old -- Downloaded Program Files
29/03/2008 14.51.00 4237 byte 0 days old -- setupapi.log
29/03/2008 15.23.36 (DIR) 0 byte 0 days old -- erdnt
29/03/2008 15.23.50 32608 byte 0 days old -- SchedLgU.Txt
29/03/2008 15.24.42 2048 byte 0 days old -- bootstat.dat
29/03/2008 15.24.48 50 byte 0 days old -- wiaservc.log
29/03/2008 15.24.48 1298867 byte 0 days old -- WindowsUpdate.log
29/03/2008 15.24.49 157 byte 0 days old -- wiadebug.log
29/03/2008 15.24.51 0 byte 0 days old -- 0.log
29/03/2008 15.25.37 227 byte 0 days old -- system.ini
29/03/2008 15.25.57 (DIR) 0 byte 0 days old -- Temp
29/03/2008 15.26.14 (DIR) 0 byte 0 days old -- Prefetch
29/03/2008 15.26.25 (DIR) 0 byte 0 days old -- system32
29/03/2008 15.26.54 7266 byte 0 days old -- ModemLog_PCI SoftV92 Speakerphone Modem.txt

----- recent files in C:\WINDOWS\Downloaded Program Files\
05/02/2008 22.43.43 65 byte 53 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3076
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3com_dmi
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1054
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 2052
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- dhcp
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- wins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- IME
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- export
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1042
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1028
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1031
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1025
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- inetsrv
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1041
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1037
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- ShellExt
05/02/2008 22.39.05 (DIR) 0 byte 53 days old -- spool
05/02/2008 22.40.56 (DIR) 0 byte 53 days old -- 1033
05/02/2008 22.40.57 (DIR) 0 byte 53 days old -- MsDtc
05/02/2008 22.41.07 (DIR) 0 byte 53 days old -- ias
05/02/2008 22.41.09 21840 byte 53 days old -- emptyregdb.dat
05/02/2008 22.41.54 (DIR) 0 byte 53 days old -- icsxml
05/02/2008 22.42.07 (DIR) 0 byte 53 days old -- Macromed
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- ras
05/02/2008 22.42.51 (DIR) 0 byte 53 days old -- 1040
05/02/2008 22.42.59 (DIR) 0 byte 53 days old -- oobe
05/02/2008 22.43.39 749 byte 53 days old -- nwc.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- wuaucpl.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- ncpa.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- sapi.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- cdplayer.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- logonui.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- WindowsLogon.manifest
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xircom
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- wbem
05/02/2008 22.46.14 261 byte 53 days old -- $winnt$.inf
05/02/2008 22.46.55 (DIR) 0 byte 53 days old -- npp
05/02/2008 22.47.47 (DIR) 0 byte 53 days old -- usmt
05/02/2008 22.48.01 (DIR) 0 byte 53 days old -- Setup
05/02/2008 23.38.18 0 byte 53 days old -- h323log.txt
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Microsoft
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- Restore
06/02/2008 08.21.50 13732 byte 52 days old -- wpa.bak
06/02/2008 08.49.57 (DIR) 0 byte 52 days old -- ReinstallBackups
06/02/2008 09.12.50 107888 byte 52 days old -- CmdLineExt.dll
06/02/2008 10.12.33 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 14.18.36 2934 byte 52 days old -- CONFIG.NT
06/02/2008 15.39.06 (DIR) 0 byte 52 days old -- PreInstall
06/02/2008 20.44.13 (DIR) 0 byte 52 days old -- Com
06/02/2008 21.22.42 345382 byte 52 days old -- perfh010.dat
06/02/2008 21.22.42 751592 byte 52 days old -- PerfStringBackup.INI
06/02/2008 21.22.42 311740 byte 52 days old -- perfh009.dat
06/02/2008 21.22.42 40128 byte 52 days old -- perfc009.dat
06/02/2008 21.22.42 47814 byte 52 days old -- perfc010.dat
07/02/2008 12.23.18 (DIR) 0 byte 51 days old -- it-it
07/02/2008 12.23.25 138684 byte 51 days old -- TZLog.log
07/02/2008 14.02.44 (DIR) 0 byte 51 days old -- LogFiles
07/02/2008 14.08.48 23392 byte 51 days old -- nscompat.tlb
07/02/2008 14.08.48 16832 byte 51 days old -- amcompat.tlb
07/02/2008 15.51.07 (DIR) 0 byte 51 days old -- DRVSTORE
09/02/2008 08.45.18 (DIR) 0 byte 49 days old -- CatRoot
10/02/2008 13.40.24 188200 byte 48 days old -- FNTCACHE.DAT
13/02/2008 10.20.21 (DIR) 0 byte 45 days old -- dllcache
14/02/2008 17.19.24 (DIR) 0 byte 44 days old -- DirectX
05/03/2008 17.30.54 19148408 byte 24 days old -- MRT.exe
29/03/2008 11.21.40 13732 byte 0 days old -- wpa.dbl
29/03/2008 14.36.34 188 byte 0 days old -- MsiExec.exe.log
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- Kaspersky Lab
29/03/2008 15.23.39 (DIR) 0 byte 0 days old -- config
29/03/2008 15.25.28 81191 byte 0 days old -- nvapps.xml
29/03/2008 15.26.06 (DIR) 0 byte 0 days old -- CatRoot2
29/03/2008 15.26.24 (DIR) 0 byte 0 days old -- drivers

----- recent files in C:\WINDOWS\system32\drivers\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- disdn
07/02/2008 14.03.01 (DIR) 0 byte 51 days old -- UMDF
07/02/2008 15.50.39 47360 byte 51 days old -- pcouffin.sys
29/03/2008 10.34.51 61632 byte 0 days old -- avipbb.sys
29/03/2008 15.25.26 (DIR) 0 byte 0 days old -- etc

----- recent files in C:\WINDOWS\temp\
29/03/2008 15.24.45 16384 byte 0 days old -- Perflib_Perfdata_488.dat
29/03/2008 15.25.38 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Programmi\
05/02/2008 22.40.17 (DIR) 0 byte 53 days old -- Windows NT
05/02/2008 22.40.30 (DIR) 0 byte 53 days old -- MSN Gaming Zone
05/02/2008 22.41.03 (DIR) 0 byte 53 days old -- ComPlus Applications
05/02/2008 22.41.58 (DIR) 0 byte 53 days old -- Movie Maker
05/02/2008 22.42.24 (DIR) 0 byte 53 days old -- NetMeeting
05/02/2008 22.43.33 (DIR) 0 byte 53 days old -- Servizi in linea
05/02/2008 22.43.36 (DIR) 0 byte 53 days old -- WindowsUpdate
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- microsoft frontpage
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xerox
06/02/2008 07.50.25 (DIR) 0 byte 52 days old -- Uninstall Information
06/02/2008 08.51.11 (DIR) 0 byte 52 days old -- DIFX
06/02/2008 08.53.08 (DIR) 0 byte 52 days old -- Analog Devices
06/02/2008 08.56.12 (DIR) 0 byte 52 days old -- InstallShield Installation Information
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Sports Interactive
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Zero G Registry
06/02/2008 14.18.27 (DIR) 0 byte 52 days old -- Alwil Software
06/02/2008 19.17.03 (DIR) 0 byte 52 days old -- Microsoft Office
06/02/2008 19.17.28 (DIR) 0 byte 52 days old -- Microsoft.NET
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- Outlook Express
06/02/2008 20.48.36 (DIR) 0 byte 52 days old -- Messenger
07/02/2008 12.30.48 (DIR) 0 byte 51 days old -- Microsoft Silverlight
07/02/2008 14.03.23 (DIR) 0 byte 51 days old -- Windows Media Connect 2
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- Windows Media Player
07/02/2008 15.50.57 (DIR) 0 byte 51 days old -- Windows Live
09/02/2008 14.20.14 (DIR) 0 byte 49 days old -- Virgilio Toolbar
09/02/2008 14.55.17 (DIR) 0 byte 49 days old -- C6 Messenger
09/02/2008 17.13.05 (DIR) 0 byte 49 days old -- CONEXANT
12/02/2008 19.52.43 (DIR) 0 byte 46 days old -- IrfanView
13/02/2008 12.58.58 (DIR) 0 byte 45 days old -- Internet Explorer
14/02/2008 17.08.24 (DIR) 0 byte 44 days old -- Ahead
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- MSXML 4.0
01/03/2008 11.02.16 (DIR) 0 byte 28 days old -- CViewer
07/03/2008 08.45.45 (DIR) 0 byte 22 days old -- Hattrick Control
18/03/2008 16.39.44 (DIR) 0 byte 11 days old -- FLV Player
19/03/2008 20.27.39 (DIR) 0 byte 10 days old -- eMule2
21/03/2008 13.27.55 (DIR) 0 byte 8 days old -- DNA
21/03/2008 13.34.05 (DIR) 0 byte 8 days old -- BitTorrent
21/03/2008 17.48.47 (DIR) 0 byte 8 days old -- Control Viewer
26/03/2008 12.42.19 (DIR) 0 byte 3 days old -- WinRAR
29/03/2008 09.59.33 (DIR) 0 byte 0 days old -- Avira
29/03/2008 10.47.31 (DIR) 0 byte 0 days old -- PFConfig
29/03/2008 12.28.22 (DIR) 0 byte 0 days old -- CCleaner
29/03/2008 14.03.01 (DIR) 0 byte 0 days old -- RogueRemover FREE
29/03/2008 14.26.01 (DIR) 0 byte 0 days old -- Trend Micro
29/03/2008 14.29.46 (DIR) 0 byte 0 days old -- eMule
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- File comuni
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- DVDFab Platinum 3
29/03/2008 15.07.01 (DIR) 0 byte 0 days old -- FPA

----- recent files in C:\Programmi\File comuni\
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- MSSoap
05/02/2008 22.42.23 (DIR) 0 byte 53 days old -- Services
05/02/2008 22.50.18 (DIR) 0 byte 53 days old -- SpeechEngines
05/02/2008 22.50.22 (DIR) 0 byte 53 days old -- ODBC
06/02/2008 08.09.01 (DIR) 0 byte 52 days old -- InstallShield
06/02/2008 08.56.18 (DIR) 0 byte 52 days old -- snpstd
06/02/2008 19.17.02 (DIR) 0 byte 52 days old -- DESIGNER
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- System
07/02/2008 14.37.46 (DIR) 0 byte 51 days old -- WindowsLiveInstaller
10/02/2008 11.07.00 (DIR) 0 byte 48 days old -- Microsoft Shared

----- recent files in C:\Documents and Settings\Valerio\Dati applicazioni\
05/02/2008 22.49.43 62 byte 53 days old -- desktop.ini
06/02/2008 07.50.26 (DIR) 0 byte 52 days old -- Identities
06/02/2008 09.12.50 (DIR) 0 byte 52 days old -- SecuROM
07/02/2008 15.52.47 (DIR) 0 byte 51 days old -- Adobe
07/02/2008 15.54.33 (DIR) 0 byte 51 days old -- Macromedia
07/02/2008 19.25.58 (DIR) 0 byte 51 days old -- WinRAR
07/02/2008 19.27.27 (DIR) 0 byte 51 days old -- Sports Interactive
14/02/2008 17.21.15 (DIR) 0 byte 44 days old -- Nero
20/02/2008 09.51.34 (DIR) 0 byte 38 days old -- Microsoft
16/03/2008 19.24.37 (DIR) 0 byte 13 days old -- eMule
21/03/2008 14.15.11 (DIR) 0 byte 8 days old -- BitTorrent
29/03/2008 14.37.04 47360 byte 0 days old -- pcouffin.sys
29/03/2008 14.37.04 7887 byte 0 days old -- pcouffin.cat
29/03/2008 14.37.04 1144 byte 0 days old -- pcouffin.inf
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- Vso
29/03/2008 14.37.05 33 byte 0 days old -- pcouffin.log
29/03/2008 15.23.43 (DIR) 0 byte 0 days old -- DNA

----- recent files in C:\DOCUME~1\Valerio\IMPOST~1\Temp\
29/03/2008 15.26.47 16384 byte 0 days old -- ~DFC1E8.tmp
29/03/2008 15.26.47 54 byte 0 days old -- systemscan.ini
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- nsg3.tmp

===================== Duplicated files in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"SW24"="C:\WINDOWS\system32\sw24.exe"
"WinSys2"="C:\WINDOWS\system32\winsys2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe"
"SoundMAX"="\"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe\" /tray"
"CameraFixer"="C:\WINDOWS\CameraFixer.exe"
"snpstd"="C:\WINDOWS\vsnpstd.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NBKeyScan"="\"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"

[run\OptionalComponents]

[run\OptionalComponents\IMAIL]
"Installed"="1"

[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe\""
"msnmsgr"="\"C:\Programmi\Windows Live\Messenger\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\Programmi\DNA\btdna.exe\""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002cdf

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\ESUpdate.exe"="C:\WINDOWS\ESUpdate.exe:*:Enabled:Virgilio Toolbar"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\eMule2\emule.exe"="C:\Programmi\eMule2\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

[AU]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D1FF7F4A-899A-42AB-8588-03237D4456D8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\RogueRemover Free]

[VB and VBA Program Settings\RogueRemover Free\Run]

[VB and VBA Program Settings\vbSkinner Pro 2]

[VB and VBA Program Settings\vbSkinner Pro 2\C:]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig\PFConfig.exe]

[VB and VBA Program Settings\vbSkinner Pro 2\Msgbox_Captions]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000AF51EE47F9000000000000000000000000000000AF51EE4701000000000000000000000000000000AF51EE472B000000000000000000000000000000AF51EE472C000000000000000000000000000000AF51EE4706000000000000000000000000000000AF51EE47
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000854EEE47F9000000000000000000000000000000854EEE4701000000000000000000000000000000854EEE472B000000000000000000000000000000854EEE472C000000000000000000000000000000854EEE4706000000000000000000000000000000854EEE47
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11487 (0x2CDF)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Programmi\MSN BackUp\MSNBackup.exe REG_SZ C:\Programmi\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 62.11.16.191
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NameServer REG_SZ 213.205.36.70 213.205.32.70
> Value: HKEY_
maddog79
Hero in the grace of the gods

Registered: 02/02/08 13:22
Posts: 159

Posted: 29 Mar 2008 16:35

SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Valerio\Desktop\sys93255.exe
Running in: User mode
Date: 29/03/2008
Time: 15.26.55

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Linda
| SUPPORT_388945a0 (Disabled)
Yes | Valerio

### users folders

05/02/2008 22.43.49 (DIR) 0 byte 53 days old -- All Users
05/02/2008 22.46.45 (DIR) 0 byte 53 days old -- NetworkService
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- LocalService
07/02/2008 16.08.30 (DIR) 0 byte 51 days old -- Default User
28/03/2008 17.21.14 (DIR) 0 byte 1 days old -- Linda
29/03/2008 15.23.48 (DIR) 0 byte 0 days old -- Valerio

### startup files in users folders

C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Valerio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== Recent files (60 days old) =====================

----- recent files in C:\
05/02/2008 22.44.27 0 byte 53 days old -- CONFIG.SYS
05/02/2008 22.44.27 0 byte 53 days old -- IO.SYS
05/02/2008 22.44.27 0 byte 53 days old -- MSDOS.SYS
05/02/2008 22.44.27 0 byte 53 days old -- AUTOEXEC.BAT
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- System Volume Information
06/02/2008 08.50.43 223 byte 52 days old -- boot.ini
06/02/2008 21.21.28 (DIR) 0 byte 52 days old -- Documents and Settings
08/02/2008 20.37.02 (DIR) 0 byte 50 days old -- RECYCLER
10/02/2008 17.06.43 (DIR) 0 byte 48 days old -- Program Files
12/03/2008 16.23.08 244 byte 17 days old -- sqmnoopt09.sqm
12/03/2008 16.23.08 232 byte 17 days old -- sqmdata09.sqm
12/03/2008 19.20.55 232 byte 17 days old -- sqmdata10.sqm
12/03/2008 19.20.55 244 byte 17 days old -- sqmnoopt10.sqm
12/03/2008 23.34.29 244 byte 17 days old -- sqmnoopt11.sqm
12/03/2008 23.34.29 232 byte 17 days old -- sqmdata11.sqm
13/03/2008 17.20.39 244 byte 16 days old -- sqmnoopt12.sqm
13/03/2008 17.20.39 232 byte 16 days old -- sqmdata12.sqm
13/03/2008 20.37.11 244 byte 16 days old -- sqmnoopt13.sqm
13/03/2008 20.37.11 232 byte 16 days old -- sqmdata13.sqm
14/03/2008 19.30.07 244 byte 15 days old -- sqmnoopt14.sqm
14/03/2008 19.30.07 232 byte 15 days old -- sqmdata14.sqm
15/03/2008 12.05.10 244 byte 14 days old -- sqmnoopt15.sqm
15/03/2008 12.05.10 232 byte 14 days old -- sqmdata15.sqm
15/03/2008 19.08.40 232 byte 14 days old -- sqmdata16.sqm
15/03/2008 19.08.40 244 byte 14 days old -- sqmnoopt16.sqm
16/03/2008 15.01.52 232 byte 13 days old -- sqmdata17.sqm
16/03/2008 15.01.52 244 byte 13 days old -- sqmnoopt17.sqm
16/03/2008 20.17.36 244 byte 13 days old -- sqmnoopt18.sqm
16/03/2008 20.17.36 232 byte 13 days old -- sqmdata18.sqm
16/03/2008 21.51.16 244 byte 13 days old -- sqmnoopt19.sqm
16/03/2008 21.51.16 232 byte 13 days old -- sqmdata19.sqm
17/03/2008 07.05.51 232 byte 12 days old -- sqmdata00.sqm
17/03/2008 07.05.51 244 byte 12 days old -- sqmnoopt00.sqm
17/03/2008 09.37.11 232 byte 12 days old -- sqmdata01.sqm
17/03/2008 09.37.11 244 byte 12 days old -- sqmnoopt01.sqm
17/03/2008 13.44.13 244 byte 12 days old -- sqmnoopt02.sqm
17/03/2008 13.44.13 232 byte 12 days old -- sqmdata02.sqm
17/03/2008 16.40.58 244 byte 12 days old -- sqmnoopt03.sqm
17/03/2008 16.40.58 232 byte 12 days old -- sqmdata03.sqm
17/03/2008 20.27.43 244 byte 12 days old -- sqmnoopt04.sqm
17/03/2008 20.27.43 232 byte 12 days old -- sqmdata04.sqm
18/03/2008 20.38.03 232 byte 11 days old -- sqmdata05.sqm
18/03/2008 20.38.03 244 byte 11 days old -- sqmnoopt05.sqm
19/03/2008 17.29.10 232 byte 10 days old -- sqmdata06.sqm
19/03/2008 17.29.10 244 byte 10 days old -- sqmnoopt06.sqm
19/03/2008 18.39.10 244 byte 10 days old -- sqmnoopt07.sqm
19/03/2008 18.39.11 232 byte 10 days old -- sqmdata07.sqm
19/03/2008 20.29.38 232 byte 10 days old -- sqmdata08.sqm
19/03/2008 20.29.38 244 byte 10 days old -- sqmnoopt08.sqm
28/03/2008 12.19.06 230424 byte 1 days old -- img1-001.raw
29/03/2008 13.42.00 518 byte 0 days old -- InfoSat.txt
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- Programmi
29/03/2008 15.11.41 (DIR) 0 byte 0 days old -- Config.Msi
29/03/2008 15.24.41 2145386496 byte 0 days old -- pagefile.sys
29/03/2008 15.25.28 53 byte 0 days old -- biosinfo
29/03/2008 15.25.37 (DIR) 0 byte 0 days old -- WINDOWS
29/03/2008 15.26.19 (DIR) 0 byte 0 days old -- QooBox
29/03/2008 15.26.22 11853 byte 0 days old -- ComboFix.txt
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- msapps
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Driver Cache
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Config
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- addins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Provisioning
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Connection Wizard
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- repair
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- java
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Resources
05/02/2008 22.41.02 37 byte 53 days old -- vbaddin.ini
05/02/2008 22.41.02 36 byte 53 days old -- vb.ini
05/02/2008 22.41.46 (DIR) 0 byte 53 days old -- pchealth
05/02/2008 22.42.41 (DIR) 0 byte 53 days old -- twain_32
05/02/2008 22.43.27 (DIR) 0 byte 53 days old -- srchasst
05/02/2008 22.43.39 749 byte 53 days old -- WindowsShell.Manifest
05/02/2008 22.43.43 (DIR) 0 byte 53 days old -- Offline Web Pages
05/02/2008 22.43.45 (DIR) 0 byte 53 days old -- Web
05/02/2008 22.44.13 (DIR) 0 byte 53 days old -- Registration
05/02/2008 22.44.17 4161 byte 53 days old -- ODBCINST.INI
05/02/2008 22.44.27 0 byte 53 days old -- control.ini
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- ime
05/02/2008 22.46.48 8192 byte 53 days old -- REGLOCS.OLD
05/02/2008 22.47.14 (DIR) 0 byte 53 days old -- PeerNet
05/02/2008 22.52.03 0 byte 53 days old -- Sti_Trace.log
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Tasks
06/02/2008 03.00.23 (DIR) 0 byte 52 days old -- security
06/02/2008 08.12.04 (DIR) 0 byte 52 days old -- nview
06/02/2008 08.13.47 0 byte 52 days old -- msicpl.ini
06/02/2008 08.30.40 25044 byte 52 days old -- Ascd_tmp.ini
06/02/2008 08.48.16 (DIR) 0 byte 52 days old -- AsDmiHtm
06/02/2008 08.52.22 (DIR) 0 byte 52 days old -- $NtUninstallKB888111WXPSP2$
06/02/2008 08.53.52 0 byte 52 days old -- AS_Debug.txt
06/02/2008 10.17.51 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 15.39.01 (DIR) 0 byte 52 days old -- $MSI31Uninstall_KB893803v2$
06/02/2008 15.39.05 (DIR) 0 byte 52 days old -- $NtUninstallKB898461$
06/02/2008 19.15.05 (DIR) 0 byte 52 days old -- system
06/02/2008 19.17.24 (DIR) 0 byte 52 days old -- SHELLNEW
06/02/2008 20.43.24 (DIR) 0 byte 52 days old -- $NtUninstallKB873339$
06/02/2008 20.43.28 (DIR) 0 byte 52 days old -- $NtUninstallKB886185$
06/02/2008 20.43.31 (DIR) 0 byte 52 days old -- $NtUninstallKB885836$
06/02/2008 20.43.33 (DIR) 0 byte 52 days old -- $NtUninstallKB888302$
06/02/2008 20.43.35 (DIR) 0 byte 52 days old -- $NtUninstallKB887472$
06/02/2008 20.43.38 (DIR) 0 byte 52 days old -- $NtUninstallKB891781$
06/02/2008 20.43.41 (DIR) 0 byte 52 days old -- $NtUninstallKB885835$
06/02/2008 20.43.44 (DIR) 0 byte 52 days old -- $NtUninstallKB896428$
06/02/2008 20.43.47 (DIR) 0 byte 52 days old -- $NtUninstallKB901214$
06/02/2008 20.43.50 (DIR) 0 byte 52 days old -- $NtUninstallKB890859$
06/02/2008 20.43.55 (DIR) 0 byte 52 days old -- $NtUninstallKB896358$
06/02/2008 20.43.57 (DIR) 0 byte 52 days old -- $NtUninstallKB893756$
06/02/2008 20.44.00 (DIR) 0 byte 52 days old -- $NtUninstallKB899591$
06/02/2008 20.44.03 (DIR) 0 byte 52 days old -- $NtUninstallKB899587$
06/02/2008 20.44.05 (DIR) 0 byte 52 days old -- $NtUninstallKB896423$
06/02/2008 20.44.08 (DIR) 0 byte 52 days old -- $NtUninstallKB894391$
06/02/2008 20.44.11 (DIR) 0 byte 52 days old -- $NtUninstallKB902400$
06/02/2008 20.44.17 (DIR) 0 byte 52 days old -- $NtUninstallKB901017$
06/02/2008 20.44.20 (DIR) 0 byte 52 days old -- $NtUninstallKB905414$
06/02/2008 20.44.22 (DIR) 0 byte 52 days old -- $NtUninstallKB905749$
06/02/2008 20.44.25 (DIR) 0 byte 52 days old -- $NtUninstallKB900725$
06/02/2008 20.44.30 (DIR) 0 byte 52 days old -- $NtUninstallKB910437$
06/02/2008 20.44.33 (DIR) 0 byte 52 days old -- $NtUninstallKB908519$
06/02/2008 20.44.35 (DIR) 0 byte 52 days old -- $NtUninstallKB911927$
06/02/2008 20.44.42 (DIR) 0 byte 52 days old -- $NtUninstallKB911564$
06/02/2008 20.44.46 (DIR) 0 byte 52 days old -- $NtUninstallKB911562$
06/02/2008 20.44.50 (DIR) 0 byte 52 days old -- $NtUninstallKB900485$
06/02/2008 20.44.52 (DIR) 0 byte 52 days old -- $NtUninstallKB908531$
06/02/2008 20.44.57 (DIR) 0 byte 52 days old -- $NtUninstallKB914389$
06/02/2008 20.44.59 (DIR) 0 byte 52 days old -- $NtUninstallKB917344$
06/02/2008 20.45.02 (DIR) 0 byte 52 days old -- $NtUninstallKB918439$
06/02/2008 20.45.05 (DIR) 0 byte 52 days old -- $NtUninstallKB913580$
06/02/2008 20.45.08 (DIR) 0 byte 52 days old -- $NtUninstallKB911280$
06/02/2008 20.45.11 (DIR) 0 byte 52 days old -- $NtUninstallKB914388$
06/02/2008 20.45.14 (DIR) 0 byte 52 days old -- $NtUninstallKB920670$
06/02/2008 20.45.16 (DIR) 0 byte 52 days old -- $NtUninstallKB920683$
06/02/2008 20.45.21 (DIR) 0 byte 52 days old -- $NtUninstallKB922582$
06/02/2008 20.45.24 (DIR) 0 byte 52 days old -- $NtUninstallKB916595$
06/02/2008 20.45.26 (DIR) 0 byte 52 days old -- $NtUninstallKB919007$
06/02/2008 20.45.29 (DIR) 0 byte 52 days old -- $NtUninstallKB920685$
06/02/2008 20.45.33 (DIR) 0 byte 52 days old -- $NtUninstallKB920872$
06/02/2008 20.45.35 (DIR) 0 byte 52 days old -- $NtUninstallKB923414$
06/02/2008 20.45.40 (DIR) 0 byte 52 days old -- $NtUninstallKB924496$
06/02/2008 20.45.43 (DIR) 0 byte 52 days old -- $NtUninstallKB923191$
06/02/2008 20.45.46 (DIR) 0 byte 52 days old -- $NtUninstallKB922819$
06/02/2008 20.45.49 (DIR) 0 byte 52 days old -- $NtUninstallKB924270$
06/02/2008 20.45.55 (DIR) 0 byte 52 days old -- $NtUninstallKB923980$
06/02/2008 20.45.58 (DIR) 0 byte 52 days old -- $NtUninstallKB926255$
06/02/2008 20.46.01 (DIR) 0 byte 52 days old -- $NtUninstallKB928255$
06/02/2008 20.46.06 (DIR) 0 byte 52 days old -- $NtUninstallKB928843$
06/02/2008 20.46.08 (DIR) 0 byte 52 days old -- $NtUninstallKB927802$
06/02/2008 20.46.10 (DIR) 0 byte 52 days old -- $NtUninstallKB924667$
06/02/2008 20.46.13 (DIR) 0 byte 52 days old -- $NtUninstallKB927779$
06/02/2008 20.46.16 (DIR) 0 byte 52 days old -- $NtUninstallKB918118$
06/02/2008 20.46.18 (DIR) 0 byte 52 days old -- $NtUninstallKB926436$
06/02/2008 20.46.22 (DIR) 0 byte 52 days old -- $NtUninstallKB925902$
06/02/2008 20.46.26 (DIR) 0 byte 52 days old -- $NtUninstallKB931784$
06/02/2008 20.46.31 (DIR) 0 byte 52 days old -- $NtUninstallKB930178$
06/02/2008 20.46.34 (DIR) 0 byte 52 days old -- $NtUninstallKB931261$
06/02/2008 20.46.36 (DIR) 0 byte 52 days old -- $NtUninstallKB932168$
06/02/2008 20.46.38 (DIR) 0 byte 52 days old -- $NtUninstallKB890046$
06/02/2008 20.46.42 (DIR) 0 byte 52 days old -- $NtUninstallKB920213$
06/02/2008 20.46.43 (DIR) 0 byte 52 days old -- $NtUninstallKB930916$
06/02/2008 20.46.47 (DIR) 0 byte 52 days old -- $NtUninstallKB927891$
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- $NtUninstallKB929123$
06/02/2008 20.46.54 (DIR) 0 byte 52 days old -- $NtUninstallKB935840$
06/02/2008 20.46.56 (DIR) 0 byte 52 days old -- $NtUninstallKB935839$
06/02/2008 20.47.03 (DIR) 0 byte 52 days old -- $NtUninstallKB925398_WMP64$
06/02/2008 20.47.05 (DIR) 0 byte 52 days old -- $NtUninstallKB938828$
06/02/2008 20.47.08 (DIR) 0 byte 52 days old -- $NtUninstallKB921503$
06/02/2008 20.47.11 (DIR) 0 byte 52 days old -- $NtUninstallKB938829$
06/02/2008 20.47.16 (DIR) 0 byte 52 days old -- $NtUninstallKB936782_WMP9$
06/02/2008 20.47.20 (DIR) 0 byte 52 days old -- $NtUninstallKB938127$
06/02/2008 20.47.23 (DIR) 0 byte 52 days old -- $NtUninstallKB936021$
06/02/2008 20.47.26 (DIR) 0 byte 52 days old -- $NtUninstallKB933729$
06/02/2008 20.47.28 (DIR) 0 byte 52 days old -- $NtUninstallKB941202$
06/02/2008 20.47.32 (DIR) 0 byte 52 days old -- $NtUninstallKB943460_0$
06/02/2008 20.48.37 (DIR) 0 byte 52 days old -- msagent
07/02/2008 12.21.40 (DIR) 0 byte 51 days old -- $NtUninstallKB904942$
07/02/2008 12.21.45 (DIR) 0 byte 51 days old -- $NtUninstallKB914440$
07/02/2008 12.21.46 (DIR) 0 byte 51 days old -- network diagnostic
07/02/2008 12.21.50 (DIR) 0 byte 51 days old -- $NtUninstallKB943460$
07/02/2008 12.22.16 (DIR) 0 byte 51 days old -- $NtUninstallKB915865$
07/02/2008 12.22.26 (DIR) 0 byte 51 days old -- $NtServicePackUninstallNLSDownlevelMapping$
07/02/2008 12.22.33 (DIR) 0 byte 51 days old -- $NtServicePackUninstallIDNMitigationAPIs$
07/02/2008 12.22.44 (DIR) 0 byte 51 days old -- ie7
07/02/2008 12.22.47 (DIR) 0 byte 51 days old -- Media
07/02/2008 12.22.49 (DIR) 0 byte 51 days old -- WBEM
07/02/2008 12.23.14 (DIR) 0 byte 51 days old -- ie7updates
07/02/2008 12.23.25 (DIR) 0 byte 51 days old -- $NtUninstallKB942763$
07/02/2008 12.23.29 (DIR) 0 byte 51 days old -- $NtUninstallKB941568$
07/02/2008 12.23.33 (DIR) 0 byte 51 days old -- $NtUninstallKB942615$
07/02/2008 12.23.36 (DIR) 0 byte 51 days old -- $NtUninstallKB944653$
07/02/2008 12.24.02 (DIR) 0 byte 51 days old -- $NtUninstallKB941569$
07/02/2008 12.24.04 (DIR) 0 byte 51 days old -- $NtUninstallKB941644$
07/02/2008 12.24.06 (DIR) 0 byte 51 days old -- $NtUninstallKB942840$
07/02/2008 12.24.09 (DIR) 0 byte 51 days old -- $NtUninstallKB943485$
07/02/2008 14.02.43 (DIR) 0 byte 51 days old -- $NtUninstallWudf01000$
07/02/2008 14.02.58 (DIR) 0 byte 51 days old -- $NtUninstallWMFDist11$
07/02/2008 14.03.04 316640 byte 51 days old -- WMSysPr9.prx
07/02/2008 14.03.19 (DIR) 0 byte 51 days old -- $NtUninstallwmp11$
07/02/2008 14.03.20 (DIR) 0 byte 51 days old -- Help
07/02/2008 14.03.28 (DIR) 0 byte 51 days old -- $NtUninstallMSCompPackV1$
07/02/2008 14.03.36 (DIR) 0 byte 51 days old -- $NtUninstallKB926239$
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- AppPatch
07/02/2008 16.20.50 (DIR) 0 byte 51 days old -- Downloaded Installations
08/02/2008 19.19.06 424 byte 50 days old -- ODBC.INI
09/02/2008 01.24.58 (DIR) 0 byte 49 days old -- $NtUninstallKB929399$
09/02/2008 01.25.05 (DIR) 0 byte 49 days old -- $NtUninstallKB936782_WMP11$
09/02/2008 01.25.13 (DIR) 0 byte 49 days old -- $NtUninstallKB939683$
09/02/2008 14.20.37 737280 byte 49 days old -- iun6002.exe
09/02/2008 17.12.50 70276 byte 49 days old -- ModemLog_SoftV92 Data Fax Modem.txt
10/02/2008 11.07.13 (DIR) 0 byte 48 days old -- Fonts
13/02/2008 10.19.46 (DIR) 0 byte 45 days old -- $NtUninstallKB946026$
13/02/2008 10.20.19 (DIR) 0 byte 45 days old -- $NtUninstallKB943055$
14/02/2008 17.19.56 (DIR) 0 byte 44 days old -- Cursors
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- WinSxS
18/03/2008 16.39.43 (DIR) 0 byte 11 days old -- Applian FLV Player
18/03/2008 17.08.09 (DIR) 0 byte 11 days old -- vbSkinner
20/03/2008 15.25.00 (DIR) 0 byte 9 days old -- $hf_mig$
28/03/2008 12.19.27 781 byte 1 days old -- win.ini
28/03/2008 20.33.58 14 byte 1 days old -- popcinfo.dat
29/03/2008 11.20.25 69 byte 0 days old -- NeroDigital.ini
29/03/2008 12.29.09 (DIR) 0 byte 0 days old -- Debug
29/03/2008 14.36.33 (DIR) 0 byte 0 days old -- Installer
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- inf
29/03/2008 14.51.00 (DIR) 0 byte 0 days old -- Downloaded Program Files
29/03/2008 14.51.00 4237 byte 0 days old -- setupapi.log
29/03/2008 15.23.36 (DIR) 0 byte 0 days old -- erdnt
29/03/2008 15.23.50 32608 byte 0 days old -- SchedLgU.Txt
29/03/2008 15.24.42 2048 byte 0 days old -- bootstat.dat
29/03/2008 15.24.48 50 byte 0 days old -- wiaservc.log
29/03/2008 15.24.48 1298867 byte 0 days old -- WindowsUpdate.log
29/03/2008 15.24.49 157 byte 0 days old -- wiadebug.log
29/03/2008 15.24.51 0 byte 0 days old -- 0.log
29/03/2008 15.25.37 227 byte 0 days old -- system.ini
29/03/2008 15.25.57 (DIR) 0 byte 0 days old -- Temp
29/03/2008 15.26.14 (DIR) 0 byte 0 days old -- Prefetch
29/03/2008 15.26.25 (DIR) 0 byte 0 days old -- system32
29/03/2008 15.26.54 7266 byte 0 days old -- ModemLog_PCI SoftV92 Speakerphone Modem.txt

----- recent files in C:\WINDOWS\Downloaded Program Files\
05/02/2008 22.43.43 65 byte 53 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3076
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3com_dmi
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1054
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 2052
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- dhcp
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- wins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- IME
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- export
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1042
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1028
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1031
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1025
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- inetsrv
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1041
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1037
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- ShellExt
05/02/2008 22.39.05 (DIR) 0 byte 53 days old -- spool
05/02/2008 22.40.56 (DIR) 0 byte 53 days old -- 1033
05/02/2008 22.40.57 (DIR) 0 byte 53 days old -- MsDtc
05/02/2008 22.41.07 (DIR) 0 byte 53 days old -- ias
05/02/2008 22.41.09 21840 byte 53 days old -- emptyregdb.dat
05/02/2008 22.41.54 (DIR) 0 byte 53 days old -- icsxml
05/02/2008 22.42.07 (DIR) 0 byte 53 days old -- Macromed
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- ras
05/02/2008 22.42.51 (DIR) 0 byte 53 days old -- 1040
05/02/2008 22.42.59 (DIR) 0 byte 53 days old -- oobe
05/02/2008 22.43.39 749 byte 53 days old -- nwc.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- wuaucpl.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- ncpa.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- sapi.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- cdplayer.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- logonui.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- WindowsLogon.manifest
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xircom
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- wbem
05/02/2008 22.46.14 261 byte 53 days old -- $winnt$.inf
05/02/2008 22.46.55 (DIR) 0 byte 53 days old -- npp
05/02/2008 22.47.47 (DIR) 0 byte 53 days old -- usmt
05/02/2008 22.48.01 (DIR) 0 byte 53 days old -- Setup
05/02/2008 23.38.18 0 byte 53 days old -- h323log.txt
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Microsoft
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- Restore
06/02/2008 08.21.50 13732 byte 52 days old -- wpa.bak
06/02/2008 08.49.57 (DIR) 0 byte 52 days old -- ReinstallBackups
06/02/2008 09.12.50 107888 byte 52 days old -- CmdLineExt.dll
06/02/2008 10.12.33 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 14.18.36 2934 byte 52 days old -- CONFIG.NT
06/02/2008 15.39.06 (DIR) 0 byte 52 days old -- PreInstall
06/02/2008 20.44.13 (DIR) 0 byte 52 days old -- Com
06/02/2008 21.22.42 345382 byte 52 days old -- perfh010.dat
06/02/2008 21.22.42 751592 byte 52 days old -- PerfStringBackup.INI
06/02/2008 21.22.42 311740 byte 52 days old -- perfh009.dat
06/02/2008 21.22.42 40128 byte 52 days old -- perfc009.dat
06/02/2008 21.22.42 47814 byte 52 days old -- perfc010.dat
07/02/2008 12.23.18 (DIR) 0 byte 51 days old -- it-it
07/02/2008 12.23.25 138684 byte 51 days old -- TZLog.log
07/02/2008 14.02.44 (DIR) 0 byte 51 days old -- LogFiles
07/02/2008 14.08.48 23392 byte 51 days old -- nscompat.tlb
07/02/2008 14.08.48 16832 byte 51 days old -- amcompat.tlb
07/02/2008 15.51.07 (DIR) 0 byte 51 days old -- DRVSTORE
09/02/2008 08.45.18 (DIR) 0 byte 49 days old -- CatRoot
10/02/2008 13.40.24 188200 byte 48 days old -- FNTCACHE.DAT
13/02/2008 10.20.21 (DIR) 0 byte 45 days old -- dllcache
14/02/2008 17.19.24 (DIR) 0 byte 44 days old -- DirectX
05/03/2008 17.30.54 19148408 byte 24 days old -- MRT.exe
29/03/2008 11.21.40 13732 byte 0 days old -- wpa.dbl
29/03/2008 14.36.34 188 byte 0 days old -- MsiExec.exe.log
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- Kaspersky Lab
29/03/2008 15.23.39 (DIR) 0 byte 0 days old -- config
29/03/2008 15.25.28 81191 byte 0 days old -- nvapps.xml
29/03/2008 15.26.06 (DIR) 0 byte 0 days old -- CatRoot2
29/03/2008 15.26.24 (DIR) 0 byte 0 days old -- drivers

----- recent files in C:\WINDOWS\system32\drivers\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- disdn
07/02/2008 14.03.01 (DIR) 0 byte 51 days old -- UMDF
07/02/2008 15.50.39 47360 byte 51 days old -- pcouffin.sys
29/03/2008 10.34.51 61632 byte 0 days old -- avipbb.sys
29/03/2008 15.25.26 (DIR) 0 byte 0 days old -- etc

----- recent files in C:\WINDOWS\temp\
29/03/2008 15.24.45 16384 byte 0 days old -- Perflib_Perfdata_488.dat
29/03/2008 15.25.38 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Programmi\
05/02/2008 22.40.17 (DIR) 0 byte 53 days old -- Windows NT
05/02/2008 22.40.30 (DIR) 0 byte 53 days old -- MSN Gaming Zone
05/02/2008 22.41.03 (DIR) 0 byte 53 days old -- ComPlus Applications
05/02/2008 22.41.58 (DIR) 0 byte 53 days old -- Movie Maker
05/02/2008 22.42.24 (DIR) 0 byte 53 days old -- NetMeeting
05/02/2008 22.43.33 (DIR) 0 byte 53 days old -- Servizi in linea
05/02/2008 22.43.36 (DIR) 0 byte 53 days old -- WindowsUpdate
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- microsoft frontpage
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xerox
06/02/2008 07.50.25 (DIR) 0 byte 52 days old -- Uninstall Information
06/02/2008 08.51.11 (DIR) 0 byte 52 days old -- DIFX
06/02/2008 08.53.08 (DIR) 0 byte 52 days old -- Analog Devices
06/02/2008 08.56.12 (DIR) 0 byte 52 days old -- InstallShield Installation Information
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Sports Interactive
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Zero G Registry
06/02/2008 14.18.27 (DIR) 0 byte 52 days old -- Alwil Software
06/02/2008 19.17.03 (DIR) 0 byte 52 days old -- Microsoft Office
06/02/2008 19.17.28 (DIR) 0 byte 52 days old -- Microsoft.NET
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- Outlook Express
06/02/2008 20.48.36 (DIR) 0 byte 52 days old -- Messenger
07/02/2008 12.30.48 (DIR) 0 byte 51 days old -- Microsoft Silverlight
07/02/2008 14.03.23 (DIR) 0 byte 51 days old -- Windows Media Connect 2
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- Windows Media Player
07/02/2008 15.50.57 (DIR) 0 byte 51 days old -- Windows Live
09/02/2008 14.20.14 (DIR) 0 byte 49 days old -- Virgilio Toolbar
09/02/2008 14.55.17 (DIR) 0 byte 49 days old -- C6 Messenger
09/02/2008 17.13.05 (DIR) 0 byte 49 days old -- CONEXANT
12/02/2008 19.52.43 (DIR) 0 byte 46 days old -- IrfanView
13/02/2008 12.58.58 (DIR) 0 byte 45 days old -- Internet Explorer
14/02/2008 17.08.24 (DIR) 0 byte 44 days old -- Ahead
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- MSXML 4.0
01/03/2008 11.02.16 (DIR) 0 byte 28 days old -- CViewer
07/03/2008 08.45.45 (DIR) 0 byte 22 days old -- Hattrick Control
18/03/2008 16.39.44 (DIR) 0 byte 11 days old -- FLV Player
19/03/2008 20.27.39 (DIR) 0 byte 10 days old -- eMule2
21/03/2008 13.27.55 (DIR) 0 byte 8 days old -- DNA
21/03/2008 13.34.05 (DIR) 0 byte 8 days old -- BitTorrent
21/03/2008 17.48.47 (DIR) 0 byte 8 days old -- Control Viewer
26/03/2008 12.42.19 (DIR) 0 byte 3 days old -- WinRAR
29/03/2008 09.59.33 (DIR) 0 byte 0 days old -- Avira
29/03/2008 10.47.31 (DIR) 0 byte 0 days old -- PFConfig
29/03/2008 12.28.22 (DIR) 0 byte 0 days old -- CCleaner
29/03/2008 14.03.01 (DIR) 0 byte 0 days old -- RogueRemover FREE
29/03/2008 14.26.01 (DIR) 0 byte 0 days old -- Trend Micro
29/03/2008 14.29.46 (DIR) 0 byte 0 days old -- eMule
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- File comuni
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- DVDFab Platinum 3
29/03/2008 15.07.01 (DIR) 0 byte 0 days old -- FPA

----- recent files in C:\Programmi\File comuni\
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- MSSoap
05/02/2008 22.42.23 (DIR) 0 byte 53 days old -- Services
05/02/2008 22.50.18 (DIR) 0 byte 53 days old -- SpeechEngines
05/02/2008 22.50.22 (DIR) 0 byte 53 days old -- ODBC
06/02/2008 08.09.01 (DIR) 0 byte 52 days old -- InstallShield
06/02/2008 08.56.18 (DIR) 0 byte 52 days old -- snpstd
06/02/2008 19.17.02 (DIR) 0 byte 52 days old -- DESIGNER
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- System
07/02/2008 14.37.46 (DIR) 0 byte 51 days old -- WindowsLiveInstaller
10/02/2008 11.07.00 (DIR) 0 byte 48 days old -- Microsoft Shared

----- recent files in C:\Documents and Settings\Valerio\Dati applicazioni\
05/02/2008 22.49.43 62 byte 53 days old -- desktop.ini
06/02/2008 07.50.26 (DIR) 0 byte 52 days old -- Identities
06/02/2008 09.12.50 (DIR) 0 byte 52 days old -- SecuROM
07/02/2008 15.52.47 (DIR) 0 byte 51 days old -- Adobe
07/02/2008 15.54.33 (DIR) 0 byte 51 days old -- Macromedia
07/02/2008 19.25.58 (DIR) 0 byte 51 days old -- WinRAR
07/02/2008 19.27.27 (DIR) 0 byte 51 days old -- Sports Interactive
14/02/2008 17.21.15 (DIR) 0 byte 44 days old -- Nero
20/02/2008 09.51.34 (DIR) 0 byte 38 days old -- Microsoft
16/03/2008 19.24.37 (DIR) 0 byte 13 days old -- eMule
21/03/2008 14.15.11 (DIR) 0 byte 8 days old -- BitTorrent
29/03/2008 14.37.04 47360 byte 0 days old -- pcouffin.sys
29/03/2008 14.37.04 7887 byte 0 days old -- pcouffin.cat
29/03/2008 14.37.04 1144 byte 0 days old -- pcouffin.inf
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- Vso
29/03/2008 14.37.05 33 byte 0 days old -- pcouffin.log
29/03/2008 15.23.43 (DIR) 0 byte 0 days old -- DNA

----- recent files in C:\DOCUME~1\Valerio\IMPOST~1\Temp\
29/03/2008 15.26.47 16384 byte 0 days old -- ~DFC1E8.tmp
29/03/2008 15.26.47 54 byte 0 days old -- systemscan.ini
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- nsg3.tmp

===================== Duplicated files in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"SW24"="C:\WINDOWS\system32\sw24.exe"
"WinSys2"="C:\WINDOWS\system32\winsys2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe"
"SoundMAX"="\"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe\" /tray"
"CameraFixer"="C:\WINDOWS\CameraFixer.exe"
"snpstd"="C:\WINDOWS\vsnpstd.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NBKeyScan"="\"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"

[run\OptionalComponents]

[run\OptionalComponents\IMAIL]
"Installed"="1"

[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe\""
"msnmsgr"="\"C:\Programmi\Windows Live\Messenger\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\Programmi\DNA\btdna.exe\""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00002cdf

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\ESUpdate.exe"="C:\WINDOWS\ESUpdate.exe:*:Enabled:Virgilio Toolbar"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\eMule2\emule.exe"="C:\Programmi\eMule2\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

[AU]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D1FF7F4A-899A-42AB-8588-03237D4456D8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\RogueRemover Free]

[VB and VBA Program Settings\RogueRemover Free\Run]

[VB and VBA Program Settings\vbSkinner Pro 2]

[VB and VBA Program Settings\vbSkinner Pro 2\C:]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig]

[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig\PFConfig.exe]

[VB and VBA Program Settings\vbSkinner Pro 2\Msgbox_Captions]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000AF51EE47F9000000000000000000000000000000AF51EE4701000000000000000000000000000000AF51EE472B000000000000000000000000000000AF51EE472C000000000000000000000000000000AF51EE4706000000000000000000000000000000AF51EE47
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000854EEE47F9000000000000000000000000000000854EEE4701000000000000000000000000000000854EEE472B000000000000000000000000000000854EEE472C000000000000000000000000000000854EEE4706000000000000000000000000000000854EEE47
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11487 (0x2CDF)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Programmi\MSN BackUp\MSNBackup.exe REG_SZ C:\Programmi\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 62.11.16.191
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NameServer REG_SZ 213.205.36.70 213.205.32.70
> Value: HKEY_

bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 29 Mar 2008 16:42

I see that ComboFix removed a couple of entries. :)

  • Disable your antivirus
  • Run an online scan with Bitdefender.
  • Go to the Kaspersky online scanner and run the extended scan, as described here.
    Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 29 Mar 2008 16:42

AntiVir PersonalEdition Classic
Report file date: sabato 29 marzo 2008 15:31

Scanning for 1169688 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Valerio
Computer name: CASA-VALERIO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:34:50
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 09:34:50
ANTIVIR3.VDF : 7.0.3.92 20480 Bytes 28/03/2008 09:34:50
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 29/03/2008 09:34:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 09:34:51
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: sabato 29 marzo 2008 15:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'runme.exe' - '1' Module(s) have been scanned
Scan process 'sys93255.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'CameraFixer.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'WinSys2.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Valerio\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was deleted!
C:\Documents and Settings\Valerio\Desktop\antivirus\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was deleted!
C:\Documents and Settings\Valerio\Impostazioni locali\Temp\nsg3.tmp\dxqmjct.exe
[DETECTION] Contains detection pattern of the SPR/Avenger program
[INFO] The file was deleted!


End of the scan: sabato 29 marzo 2008 15:40
Used time: 08:27 min

The scan has been done completely.

2195 Scanning directories
113940 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
113935 Files not concerned
573 Archives were scanned
1 Warnings
0 Notes

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 30 Mar 2008 12:38

Here is the link to the Kaspersky online scan: link

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 30 Mar 2008 19:03

Legendary bdoriano, I did what you told me, and what do I do now?

bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 31 Mar 2008 10:08

Unfortunately, a 4MB log is not easy to read (quite the opposite).

  • Disable System Restore.
  • Clean the temporary files with ATF-Cleaner and/or CCleaner (mandatory step)
  • Close Messenger and all other programs (another mandatory step)
  • Reconnect to the Kaspersky online scanner and run the extended scan, as described here.
    Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 31 Mar 2008 10:43

Now the Kaspersky online scan shows me neither viruses nor suspicious files, only a few locked files: link

bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 31 Mar 2008 12:35

No, we're still not there. :roll:
The temporary files and internet cookies do not appear to have been deleted.
In addition, Windows Live appears to be active during the scan, which increases the useless information in the log.
We went from 4.12MB to 4.64MB... in these conditions, the log is not readable.
Sorry. :?

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 31 Mar 2008 15:49

Last attempt, I can't do better than this :oops:
link

bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 31 Mar 2008 18:34

Definitely better. ;)

I see quite a few locked objects, probably because there are at least 2 users on the PC (password-protected).
You should run the checks from the second user as well, to see whether anything is still found. Obviously, first do all the cleaning with CCleaner and ATFCleaner.

Just for completeness of information, which user did you run the checks with? (linda or valerio)?

maddog79
Hero in the gods' favour

Joined: 02/02/08 13:22
Posts: 159

Posted: 31 Mar 2008 19:11

I ran them as valerio; now I'll go run them as linda and then post the link to the scan ;)

All times are GMT + 2 hours
Page 1 of 2

 