Author |
Message |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 12:21 Subject: Virus that gives me an error when I open folders and videos |
|
|
Hello everyone, I've caught a virus that gives me an error when I try to open a video or a folder, mostly an Internet Explorer error. Does anyone know this virus and can suggest an effective remedy? Thanks |
|
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 29 Mar 2008 12:31 Subject: |
|
|
Diagnosing with a crystal ball doesn't work too well for me...
Do the following:
|
|
|
 |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 14:56 Subject: |
|
|
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/03/09 20:10:13
Norman Scanner Engine Version: 5.91.10
Nvcbin.def Version: 5.90.00, Date: 2008/03/09 20:10:13, Variants: 1383781
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
Logged on user: CASA-VALERIO\Valerio
Scan started: 29/03/2008 13:34:17
Scanning running processes and process memory...
Number of processes/threads found: 2275
Number of processes/threads scanned: 2275
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 22s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown0 (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown1 (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown2 (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown3 (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown4 (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Linda\Impostazioni locali\Temporary Internet Files\Content.IE5\1Q8V3P8Z\0067059651_000633359561276686973[1].mct/unknown5 (Error whilst scanning file: I/O Error)
C:\Programmi\DVDFab Platinum 3\DVDFabPlatinum.exe (Infected with W32/Suspicious_N.gen)
Deleted file
C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)
C:\System Volume Information\_RESTO~1\RP66\A0016908.exe (Infected with W32/Suspicious_N.gen)
Deleted file
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Failed to set registry value (0x00000005): HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Number of files found: 73243
Number of archives unpacked: 313
Number of files scanned: 73205
Number of files not scanned: 38
Number of files skipped due to exclude list: 0
Number of infected files found: 3
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 15m 57s |
|
|
 |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 15:27 Subject: |
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.26.12, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202288280468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202296154062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDCC9D8-A663-492A-AE05-FA6CBB276160}: NameServer = 213.205.36.70 213.205.32.70
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6770 bytes |
|
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 29 Mar 2008 15:41 Subject: |
|
|
Something shows up, but the ComboFix log is missing. |
|
|
 |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 15:58 Subject: |
|
|
When I open ComboFix it tells me there are viruses and won't let me start it |
|
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
|
|
 |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 16:28 Subject: |
|
|
ComboFix 08-03-27.5 - Valerio 2008-03-29 15.23.04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1612 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Valerio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Valerio\Dati applicazioni\inst.exe
C:\WINDOWS\system32\winsys.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf
((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-29 )))))))))))))))))))))))))))))))))))
.
2008-03-29 14:51 . 2008-03-29 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-29 14:50 . 2008-03-29 14:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 14:26 . 2008-03-29 14:26 <DIR> d-------- C:\Programmi\Trend Micro
2008-03-29 14:02 . 2008-03-29 14:03 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-03-29 12:28 . 2008-03-29 12:28 <DIR> d-------- C:\Programmi\CCleaner
2008-03-29 09:59 . 2008-03-29 09:59 <DIR> d-------- C:\Programmi\Avira
2008-03-29 09:59 . 2008-03-29 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-03-21 17:48 . 2008-03-21 17:48 <DIR> d-------- C:\Programmi\Control Viewer
2008-03-21 13:28 . 2008-03-21 14:15 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\BitTorrent
2008-03-21 13:27 . 2008-03-21 13:27 <DIR> d-------- C:\Programmi\DNA
2008-03-21 13:27 . 2008-03-21 13:34 <DIR> d-------- C:\Programmi\BitTorrent
2008-03-21 13:27 . 2008-03-29 15:23 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\DNA
2008-03-18 19:32 . 2008-03-19 20:27 <DIR> d-------- C:\Programmi\eMule2
2008-03-18 17:08 . 2008-03-18 17:08 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-03-18 17:08 . 2008-03-29 10:47 <DIR> d-------- C:\Programmi\PFConfig
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\Programmi\FLV Player
2008-03-16 21:51 . 2008-03-16 21:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-16 21:51 . 2008-03-16 21:51 232 --ah----- C:\sqmdata19.sqm
2008-03-16 20:17 . 2008-03-16 20:17 244 --ah----- C:\sqmnoopt18.sqm
2008-03-16 20:17 . 2008-03-16 20:17 232 --ah----- C:\sqmdata18.sqm
2008-03-16 19:24 . 2008-03-29 14:29 <DIR> d-------- C:\Programmi\eMule
2008-03-16 19:24 . 2008-03-16 19:24 <DIR> d-------- C:\Documents and Settings\Valerio\Dati applicazioni\eMule
2008-03-16 15:01 . 2008-03-16 15:01 244 --ah----- C:\sqmnoopt17.sqm
2008-03-16 15:01 . 2008-03-16 15:01 232 --ah----- C:\sqmdata17.sqm
2008-03-15 19:08 . 2008-03-15 19:08 244 --ah----- C:\sqmnoopt16.sqm
2008-03-15 19:08 . 2008-03-15 19:08 232 --ah----- C:\sqmdata16.sqm
2008-03-15 12:05 . 2008-03-15 12:05 244 --ah----- C:\sqmnoopt15.sqm
2008-03-15 12:05 . 2008-03-15 12:05 232 --ah----- C:\sqmdata15.sqm
2008-03-14 19:30 . 2008-03-14 19:30 244 --ah----- C:\sqmnoopt14.sqm
2008-03-14 19:30 . 2008-03-14 19:30 232 --ah----- C:\sqmdata14.sqm
2008-03-13 20:37 . 2008-03-13 20:37 244 --ah----- C:\sqmnoopt13.sqm
2008-03-13 20:37 . 2008-03-13 20:37 232 --ah----- C:\sqmdata13.sqm
2008-03-13 17:20 . 2008-03-13 17:20 244 --ah----- C:\sqmnoopt12.sqm
2008-03-13 17:20 . 2008-03-13 17:20 232 --ah----- C:\sqmdata12.sqm
2008-03-12 23:34 . 2008-03-12 23:34 244 --ah----- C:\sqmnoopt11.sqm
2008-03-12 23:34 . 2008-03-12 23:34 232 --ah----- C:\sqmdata11.sqm
2008-03-12 19:20 . 2008-03-12 19:20 244 --ah----- C:\sqmnoopt10.sqm
2008-03-12 19:20 . 2008-03-12 19:20 232 --ah----- C:\sqmdata10.sqm
2008-03-12 16:23 . 2008-03-12 16:23 244 --ah----- C:\sqmnoopt09.sqm
2008-03-12 16:23 . 2008-03-12 16:23 232 --ah----- C:\sqmdata09.sqm
2008-03-11 22:10 . 2008-03-19 20:29 244 --ah----- C:\sqmnoopt08.sqm
2008-03-11 22:10 . 2008-03-19 20:29 232 --ah----- C:\sqmdata08.sqm
2008-03-11 18:21 . 2008-03-19 18:39 244 --ah----- C:\sqmnoopt07.sqm
2008-03-11 18:21 . 2008-03-19 18:39 232 --ah----- C:\sqmdata07.sqm
2008-03-10 20:24 . 2008-03-19 17:29 244 --ah----- C:\sqmnoopt06.sqm
2008-03-10 20:24 . 2008-03-19 17:29 232 --ah----- C:\sqmdata06.sqm
2008-03-10 15:54 . 2008-03-18 20:38 244 --ah----- C:\sqmnoopt05.sqm
2008-03-10 15:54 . 2008-03-18 20:38 232 --ah----- C:\sqmdata05.sqm
2008-03-10 11:05 . 2008-03-17 20:27 244 --ah----- C:\sqmnoopt04.sqm
2008-03-10 11:05 . 2008-03-17 20:27 232 --ah----- C:\sqmdata04.sqm
2008-03-09 23:58 . 2008-03-17 16:40 244 --ah----- C:\sqmnoopt03.sqm
2008-03-09 23:58 . 2008-03-17 16:40 232 --ah----- C:\sqmdata03.sqm
2008-03-09 11:57 . 2008-03-17 13:44 244 --ah----- C:\sqmnoopt02.sqm
2008-03-09 11:57 . 2008-03-17 13:44 232 --ah----- C:\sqmdata02.sqm
2008-03-08 20:28 . 2008-03-17 09:37 244 --ah----- C:\sqmnoopt01.sqm
2008-03-08 20:28 . 2008-03-17 09:37 232 --ah----- C:\sqmdata01.sqm
2008-03-08 17:47 . 2008-03-17 07:05 244 --ah----- C:\sqmnoopt00.sqm
2008-03-08 17:47 . 2008-03-17 07:05 232 --ah----- C:\sqmdata00.sqm
2008-03-01 10:58 . 2008-03-01 11:02 <DIR> d-------- C:\Programmi\CViewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 14:07 --------- d-----w C:\Programmi\FPA
2008-03-29 13:37 47,360 ----a-w C:\Documents and Settings\Valerio\Dati applicazioni\pcouffin.sys
2008-03-29 13:37 --------- d-----w C:\Programmi\DVDFab Platinum 3
2008-03-29 13:37 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Vso
2008-03-29 13:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-03-07 07:45 --------- d-----w C:\Programmi\Hattrick Control
2008-02-19 08:35 --------- d-----w C:\Programmi\MSXML 4.0
2008-02-14 16:21 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Nero
2008-02-14 16:08 --------- d-----w C:\Programmi\Ahead
2008-02-12 18:52 --------- d-----w C:\Programmi\IrfanView
2008-02-09 16:13 --------- d-----w C:\Programmi\CONEXANT
2008-02-09 13:55 --------- d-----w C:\Programmi\C6 Messenger
2008-02-09 13:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-09 13:20 --------- d-----w C:\Programmi\Virgilio Toolbar
2008-02-07 18:27 --------- d-----w C:\Documents and Settings\Valerio\Dati applicazioni\Sports Interactive
2008-02-07 17:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-07 14:50 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-07 14:50 --------- d-----w C:\Programmi\Windows Live
2008-02-07 13:37 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-07 13:03 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-02-07 11:30 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-02-06 18:17 --------- d-----w C:\Programmi\Microsoft.NET
2008-02-06 13:18 --------- d-----w C:\Programmi\Alwil Software
2008-02-06 13:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2008-02-06 08:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-06 08:12 --------- d--h--r C:\Documents and Settings\Valerio\Dati applicazioni\SecuROM
2008-02-06 08:03 --------- d--h--w C:\Programmi\Zero G Registry
2008-02-06 08:03 --------- d-----w C:\Programmi\Sports Interactive
2008-02-06 07:56 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-06 07:56 --------- d-----w C:\Programmi\File comuni\snpstd
2008-02-06 07:53 --------- d-----w C:\Programmi\Analog Devices
2008-02-06 07:51 --------- d-----w C:\Programmi\DIFX
2008-02-06 07:09 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-02-05 21:44 --------- d-----w C:\Programmi\microsoft frontpage
2008-02-05 21:43 --------- d-----w C:\Programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-03-28 11:42 288576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 07:37 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 13:08 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 13:54 339968]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 10:34 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\ESUpdate.exe"=
"C:\\Programmi\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"C:\\Programmi\\C6 Messenger\\c6Messenger.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\eMule2\\emule.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 15:25:38
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-29 15:26:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 14:26:19
7 Directory 236,813,590,528 byte disponibili
10 Directory 236,757,725,184 byte disponibili
.
2008-03-21 14:29:51 --- E O F --- |
|
|
 |
maddog79 Hero in the gods' good graces

Joined: 02/02/08 13:22 Posts: 159
|
Posted: 29 Mar 2008 16:34 Subject: |
|
|
SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Valerio\Desktop\sys93255.exe
Running in: User mode
Date: 29/03/2008
Time: 15.26.55
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log
===================== Accounts on this PC =====================
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Linda
| SUPPORT_388945a0 (Disabled)
Yes | Valerio
### users folders
05/02/2008 22.43.49 (DIR) 0 byte 53 days old -- All Users
05/02/2008 22.46.45 (DIR) 0 byte 53 days old -- NetworkService
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- LocalService
07/02/2008 16.08.30 (DIR) 0 byte 51 days old -- Default User
28/03/2008 17.21.14 (DIR) 0 byte 1 days old -- Linda
29/03/2008 15.23.48 (DIR) 0 byte 0 days old -- Valerio
### startup files in users folders
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Valerio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
===================== Recent files (60 days old) =====================
----- recent files in C:\
05/02/2008 22.44.27 0 byte 53 days old -- CONFIG.SYS
05/02/2008 22.44.27 0 byte 53 days old -- IO.SYS
05/02/2008 22.44.27 0 byte 53 days old -- MSDOS.SYS
05/02/2008 22.44.27 0 byte 53 days old -- AUTOEXEC.BAT
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- System Volume Information
06/02/2008 08.50.43 223 byte 52 days old -- boot.ini
06/02/2008 21.21.28 (DIR) 0 byte 52 days old -- Documents and Settings
08/02/2008 20.37.02 (DIR) 0 byte 50 days old -- RECYCLER
10/02/2008 17.06.43 (DIR) 0 byte 48 days old -- Program Files
12/03/2008 16.23.08 244 byte 17 days old -- sqmnoopt09.sqm
12/03/2008 16.23.08 232 byte 17 days old -- sqmdata09.sqm
12/03/2008 19.20.55 232 byte 17 days old -- sqmdata10.sqm
12/03/2008 19.20.55 244 byte 17 days old -- sqmnoopt10.sqm
12/03/2008 23.34.29 244 byte 17 days old -- sqmnoopt11.sqm
12/03/2008 23.34.29 232 byte 17 days old -- sqmdata11.sqm
13/03/2008 17.20.39 244 byte 16 days old -- sqmnoopt12.sqm
13/03/2008 17.20.39 232 byte 16 days old -- sqmdata12.sqm
13/03/2008 20.37.11 244 byte 16 days old -- sqmnoopt13.sqm
13/03/2008 20.37.11 232 byte 16 days old -- sqmdata13.sqm
14/03/2008 19.30.07 244 byte 15 days old -- sqmnoopt14.sqm
14/03/2008 19.30.07 232 byte 15 days old -- sqmdata14.sqm
15/03/2008 12.05.10 244 byte 14 days old -- sqmnoopt15.sqm
15/03/2008 12.05.10 232 byte 14 days old -- sqmdata15.sqm
15/03/2008 19.08.40 232 byte 14 days old -- sqmdata16.sqm
15/03/2008 19.08.40 244 byte 14 days old -- sqmnoopt16.sqm
16/03/2008 15.01.52 232 byte 13 days old -- sqmdata17.sqm
16/03/2008 15.01.52 244 byte 13 days old -- sqmnoopt17.sqm
16/03/2008 20.17.36 244 byte 13 days old -- sqmnoopt18.sqm
16/03/2008 20.17.36 232 byte 13 days old -- sqmdata18.sqm
16/03/2008 21.51.16 244 byte 13 days old -- sqmnoopt19.sqm
16/03/2008 21.51.16 232 byte 13 days old -- sqmdata19.sqm
17/03/2008 07.05.51 232 byte 12 days old -- sqmdata00.sqm
17/03/2008 07.05.51 244 byte 12 days old -- sqmnoopt00.sqm
17/03/2008 09.37.11 232 byte 12 days old -- sqmdata01.sqm
17/03/2008 09.37.11 244 byte 12 days old -- sqmnoopt01.sqm
17/03/2008 13.44.13 244 byte 12 days old -- sqmnoopt02.sqm
17/03/2008 13.44.13 232 byte 12 days old -- sqmdata02.sqm
17/03/2008 16.40.58 244 byte 12 days old -- sqmnoopt03.sqm
17/03/2008 16.40.58 232 byte 12 days old -- sqmdata03.sqm
17/03/2008 20.27.43 244 byte 12 days old -- sqmnoopt04.sqm
17/03/2008 20.27.43 232 byte 12 days old -- sqmdata04.sqm
18/03/2008 20.38.03 232 byte 11 days old -- sqmdata05.sqm
18/03/2008 20.38.03 244 byte 11 days old -- sqmnoopt05.sqm
19/03/2008 17.29.10 232 byte 10 days old -- sqmdata06.sqm
19/03/2008 17.29.10 244 byte 10 days old -- sqmnoopt06.sqm
19/03/2008 18.39.10 244 byte 10 days old -- sqmnoopt07.sqm
19/03/2008 18.39.11 232 byte 10 days old -- sqmdata07.sqm
19/03/2008 20.29.38 232 byte 10 days old -- sqmdata08.sqm
19/03/2008 20.29.38 244 byte 10 days old -- sqmnoopt08.sqm
28/03/2008 12.19.06 230424 byte 1 days old -- img1-001.raw
29/03/2008 13.42.00 518 byte 0 days old -- InfoSat.txt
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- Programmi
29/03/2008 15.11.41 (DIR) 0 byte 0 days old -- Config.Msi
29/03/2008 15.24.41 2145386496 byte 0 days old -- pagefile.sys
29/03/2008 15.25.28 53 byte 0 days old -- biosinfo
29/03/2008 15.25.37 (DIR) 0 byte 0 days old -- WINDOWS
29/03/2008 15.26.19 (DIR) 0 byte 0 days old -- QooBox
29/03/2008 15.26.22 11853 byte 0 days old -- ComboFix.txt
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- msapps
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Driver Cache
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Config
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- addins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Provisioning
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Connection Wizard
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- repair
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- java
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Resources
05/02/2008 22.41.02 37 byte 53 days old -- vbaddin.ini
05/02/2008 22.41.02 36 byte 53 days old -- vb.ini
05/02/2008 22.41.46 (DIR) 0 byte 53 days old -- pchealth
05/02/2008 22.42.41 (DIR) 0 byte 53 days old -- twain_32
05/02/2008 22.43.27 (DIR) 0 byte 53 days old -- srchasst
05/02/2008 22.43.39 749 byte 53 days old -- WindowsShell.Manifest
05/02/2008 22.43.43 (DIR) 0 byte 53 days old -- Offline Web Pages
05/02/2008 22.43.45 (DIR) 0 byte 53 days old -- Web
05/02/2008 22.44.13 (DIR) 0 byte 53 days old -- Registration
05/02/2008 22.44.17 4161 byte 53 days old -- ODBCINST.INI
05/02/2008 22.44.27 0 byte 53 days old -- control.ini
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- ime
05/02/2008 22.46.48 8192 byte 53 days old -- REGLOCS.OLD
05/02/2008 22.47.14 (DIR) 0 byte 53 days old -- PeerNet
05/02/2008 22.52.03 0 byte 53 days old -- Sti_Trace.log
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Tasks
06/02/2008 03.00.23 (DIR) 0 byte 52 days old -- security
06/02/2008 08.12.04 (DIR) 0 byte 52 days old -- nview
06/02/2008 08.13.47 0 byte 52 days old -- msicpl.ini
06/02/2008 08.30.40 25044 byte 52 days old -- Ascd_tmp.ini
06/02/2008 08.48.16 (DIR) 0 byte 52 days old -- AsDmiHtm
06/02/2008 08.52.22 (DIR) 0 byte 52 days old -- $NtUninstallKB888111WXPSP2$
06/02/2008 08.53.52 0 byte 52 days old -- AS_Debug.txt
06/02/2008 10.17.51 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 15.39.01 (DIR) 0 byte 52 days old -- $MSI31Uninstall_KB893803v2$
06/02/2008 15.39.05 (DIR) 0 byte 52 days old -- $NtUninstallKB898461$
06/02/2008 19.15.05 (DIR) 0 byte 52 days old -- system
06/02/2008 19.17.24 (DIR) 0 byte 52 days old -- SHELLNEW
06/02/2008 20.43.24 (DIR) 0 byte 52 days old -- $NtUninstallKB873339$
06/02/2008 20.43.28 (DIR) 0 byte 52 days old -- $NtUninstallKB886185$
06/02/2008 20.43.31 (DIR) 0 byte 52 days old -- $NtUninstallKB885836$
06/02/2008 20.43.33 (DIR) 0 byte 52 days old -- $NtUninstallKB888302$
06/02/2008 20.43.35 (DIR) 0 byte 52 days old -- $NtUninstallKB887472$
06/02/2008 20.43.38 (DIR) 0 byte 52 days old -- $NtUninstallKB891781$
06/02/2008 20.43.41 (DIR) 0 byte 52 days old -- $NtUninstallKB885835$
06/02/2008 20.43.44 (DIR) 0 byte 52 days old -- $NtUninstallKB896428$
06/02/2008 20.43.47 (DIR) 0 byte 52 days old -- $NtUninstallKB901214$
06/02/2008 20.43.50 (DIR) 0 byte 52 days old -- $NtUninstallKB890859$
06/02/2008 20.43.55 (DIR) 0 byte 52 days old -- $NtUninstallKB896358$
06/02/2008 20.43.57 (DIR) 0 byte 52 days old -- $NtUninstallKB893756$
06/02/2008 20.44.00 (DIR) 0 byte 52 days old -- $NtUninstallKB899591$
06/02/2008 20.44.03 (DIR) 0 byte 52 days old -- $NtUninstallKB899587$
06/02/2008 20.44.05 (DIR) 0 byte 52 days old -- $NtUninstallKB896423$
06/02/2008 20.44.08 (DIR) 0 byte 52 days old -- $NtUninstallKB894391$
06/02/2008 20.44.11 (DIR) 0 byte 52 days old -- $NtUninstallKB902400$
06/02/2008 20.44.17 (DIR) 0 byte 52 days old -- $NtUninstallKB901017$
06/02/2008 20.44.20 (DIR) 0 byte 52 days old -- $NtUninstallKB905414$
06/02/2008 20.44.22 (DIR) 0 byte 52 days old -- $NtUninstallKB905749$
06/02/2008 20.44.25 (DIR) 0 byte 52 days old -- $NtUninstallKB900725$
06/02/2008 20.44.30 (DIR) 0 byte 52 days old -- $NtUninstallKB910437$
06/02/2008 20.44.33 (DIR) 0 byte 52 days old -- $NtUninstallKB908519$
06/02/2008 20.44.35 (DIR) 0 byte 52 days old -- $NtUninstallKB911927$
06/02/2008 20.44.42 (DIR) 0 byte 52 days old -- $NtUninstallKB911564$
06/02/2008 20.44.46 (DIR) 0 byte 52 days old -- $NtUninstallKB911562$
06/02/2008 20.44.50 (DIR) 0 byte 52 days old -- $NtUninstallKB900485$
06/02/2008 20.44.52 (DIR) 0 byte 52 days old -- $NtUninstallKB908531$
06/02/2008 20.44.57 (DIR) 0 byte 52 days old -- $NtUninstallKB914389$
06/02/2008 20.44.59 (DIR) 0 byte 52 days old -- $NtUninstallKB917344$
06/02/2008 20.45.02 (DIR) 0 byte 52 days old -- $NtUninstallKB918439$
06/02/2008 20.45.05 (DIR) 0 byte 52 days old -- $NtUninstallKB913580$
06/02/2008 20.45.08 (DIR) 0 byte 52 days old -- $NtUninstallKB911280$
06/02/2008 20.45.11 (DIR) 0 byte 52 days old -- $NtUninstallKB914388$
06/02/2008 20.45.14 (DIR) 0 byte 52 days old -- $NtUninstallKB920670$
06/02/2008 20.45.16 (DIR) 0 byte 52 days old -- $NtUninstallKB920683$
06/02/2008 20.45.21 (DIR) 0 byte 52 days old -- $NtUninstallKB922582$
06/02/2008 20.45.24 (DIR) 0 byte 52 days old -- $NtUninstallKB916595$
06/02/2008 20.45.26 (DIR) 0 byte 52 days old -- $NtUninstallKB919007$
06/02/2008 20.45.29 (DIR) 0 byte 52 days old -- $NtUninstallKB920685$
06/02/2008 20.45.33 (DIR) 0 byte 52 days old -- $NtUninstallKB920872$
06/02/2008 20.45.35 (DIR) 0 byte 52 days old -- $NtUninstallKB923414$
06/02/2008 20.45.40 (DIR) 0 byte 52 days old -- $NtUninstallKB924496$
06/02/2008 20.45.43 (DIR) 0 byte 52 days old -- $NtUninstallKB923191$
06/02/2008 20.45.46 (DIR) 0 byte 52 days old -- $NtUninstallKB922819$
06/02/2008 20.45.49 (DIR) 0 byte 52 days old -- $NtUninstallKB924270$
06/02/2008 20.45.55 (DIR) 0 byte 52 days old -- $NtUninstallKB923980$
06/02/2008 20.45.58 (DIR) 0 byte 52 days old -- $NtUninstallKB926255$
06/02/2008 20.46.01 (DIR) 0 byte 52 days old -- $NtUninstallKB928255$
06/02/2008 20.46.06 (DIR) 0 byte 52 days old -- $NtUninstallKB928843$
06/02/2008 20.46.08 (DIR) 0 byte 52 days old -- $NtUninstallKB927802$
06/02/2008 20.46.10 (DIR) 0 byte 52 days old -- $NtUninstallKB924667$
06/02/2008 20.46.13 (DIR) 0 byte 52 days old -- $NtUninstallKB927779$
06/02/2008 20.46.16 (DIR) 0 byte 52 days old -- $NtUninstallKB918118$
06/02/2008 20.46.18 (DIR) 0 byte 52 days old -- $NtUninstallKB926436$
06/02/2008 20.46.22 (DIR) 0 byte 52 days old -- $NtUninstallKB925902$
06/02/2008 20.46.26 (DIR) 0 byte 52 days old -- $NtUninstallKB931784$
06/02/2008 20.46.31 (DIR) 0 byte 52 days old -- $NtUninstallKB930178$
06/02/2008 20.46.34 (DIR) 0 byte 52 days old -- $NtUninstallKB931261$
06/02/2008 20.46.36 (DIR) 0 byte 52 days old -- $NtUninstallKB932168$
06/02/2008 20.46.38 (DIR) 0 byte 52 days old -- $NtUninstallKB890046$
06/02/2008 20.46.42 (DIR) 0 byte 52 days old -- $NtUninstallKB920213$
06/02/2008 20.46.43 (DIR) 0 byte 52 days old -- $NtUninstallKB930916$
06/02/2008 20.46.47 (DIR) 0 byte 52 days old -- $NtUninstallKB927891$
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- $NtUninstallKB929123$
06/02/2008 20.46.54 (DIR) 0 byte 52 days old -- $NtUninstallKB935840$
06/02/2008 20.46.56 (DIR) 0 byte 52 days old -- $NtUninstallKB935839$
06/02/2008 20.47.03 (DIR) 0 byte 52 days old -- $NtUninstallKB925398_WMP64$
06/02/2008 20.47.05 (DIR) 0 byte 52 days old -- $NtUninstallKB938828$
06/02/2008 20.47.08 (DIR) 0 byte 52 days old -- $NtUninstallKB921503$
06/02/2008 20.47.11 (DIR) 0 byte 52 days old -- $NtUninstallKB938829$
06/02/2008 20.47.16 (DIR) 0 byte 52 days old -- $NtUninstallKB936782_WMP9$
06/02/2008 20.47.20 (DIR) 0 byte 52 days old -- $NtUninstallKB938127$
06/02/2008 20.47.23 (DIR) 0 byte 52 days old -- $NtUninstallKB936021$
06/02/2008 20.47.26 (DIR) 0 byte 52 days old -- $NtUninstallKB933729$
06/02/2008 20.47.28 (DIR) 0 byte 52 days old -- $NtUninstallKB941202$
06/02/2008 20.47.32 (DIR) 0 byte 52 days old -- $NtUninstallKB943460_0$
06/02/2008 20.48.37 (DIR) 0 byte 52 days old -- msagent
07/02/2008 12.21.40 (DIR) 0 byte 51 days old -- $NtUninstallKB904942$
07/02/2008 12.21.45 (DIR) 0 byte 51 days old -- $NtUninstallKB914440$
07/02/2008 12.21.46 (DIR) 0 byte 51 days old -- network diagnostic
07/02/2008 12.21.50 (DIR) 0 byte 51 days old -- $NtUninstallKB943460$
07/02/2008 12.22.16 (DIR) 0 byte 51 days old -- $NtUninstallKB915865$
07/02/2008 12.22.26 (DIR) 0 byte 51 days old -- $NtServicePackUninstallNLSDownlevelMapping$
07/02/2008 12.22.33 (DIR) 0 byte 51 days old -- $NtServicePackUninstallIDNMitigationAPIs$
07/02/2008 12.22.44 (DIR) 0 byte 51 days old -- ie7
07/02/2008 12.22.47 (DIR) 0 byte 51 days old -- Media
07/02/2008 12.22.49 (DIR) 0 byte 51 days old -- WBEM
07/02/2008 12.23.14 (DIR) 0 byte 51 days old -- ie7updates
07/02/2008 12.23.25 (DIR) 0 byte 51 days old -- $NtUninstallKB942763$
07/02/2008 12.23.29 (DIR) 0 byte 51 days old -- $NtUninstallKB941568$
07/02/2008 12.23.33 (DIR) 0 byte 51 days old -- $NtUninstallKB942615$
07/02/2008 12.23.36 (DIR) 0 byte 51 days old -- $NtUninstallKB944653$
07/02/2008 12.24.02 (DIR) 0 byte 51 days old -- $NtUninstallKB941569$
07/02/2008 12.24.04 (DIR) 0 byte 51 days old -- $NtUninstallKB941644$
07/02/2008 12.24.06 (DIR) 0 byte 51 days old -- $NtUninstallKB942840$
07/02/2008 12.24.09 (DIR) 0 byte 51 days old -- $NtUninstallKB943485$
07/02/2008 14.02.43 (DIR) 0 byte 51 days old -- $NtUninstallWudf01000$
07/02/2008 14.02.58 (DIR) 0 byte 51 days old -- $NtUninstallWMFDist11$
07/02/2008 14.03.04 316640 byte 51 days old -- WMSysPr9.prx
07/02/2008 14.03.19 (DIR) 0 byte 51 days old -- $NtUninstallwmp11$
07/02/2008 14.03.20 (DIR) 0 byte 51 days old -- Help
07/02/2008 14.03.28 (DIR) 0 byte 51 days old -- $NtUninstallMSCompPackV1$
07/02/2008 14.03.36 (DIR) 0 byte 51 days old -- $NtUninstallKB926239$
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- AppPatch
07/02/2008 16.20.50 (DIR) 0 byte 51 days old -- Downloaded Installations
08/02/2008 19.19.06 424 byte 50 days old -- ODBC.INI
09/02/2008 01.24.58 (DIR) 0 byte 49 days old -- $NtUninstallKB929399$
09/02/2008 01.25.05 (DIR) 0 byte 49 days old -- $NtUninstallKB936782_WMP11$
09/02/2008 01.25.13 (DIR) 0 byte 49 days old -- $NtUninstallKB939683$
09/02/2008 14.20.37 737280 byte 49 days old -- iun6002.exe
09/02/2008 17.12.50 70276 byte 49 days old -- ModemLog_SoftV92 Data Fax Modem.txt
10/02/2008 11.07.13 (DIR) 0 byte 48 days old -- Fonts
13/02/2008 10.19.46 (DIR) 0 byte 45 days old -- $NtUninstallKB946026$
13/02/2008 10.20.19 (DIR) 0 byte 45 days old -- $NtUninstallKB943055$
14/02/2008 17.19.56 (DIR) 0 byte 44 days old -- Cursors
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- WinSxS
18/03/2008 16.39.43 (DIR) 0 byte 11 days old -- Applian FLV Player
18/03/2008 17.08.09 (DIR) 0 byte 11 days old -- vbSkinner
20/03/2008 15.25.00 (DIR) 0 byte 9 days old -- $hf_mig$
28/03/2008 12.19.27 781 byte 1 days old -- win.ini
28/03/2008 20.33.58 14 byte 1 days old -- popcinfo.dat
29/03/2008 11.20.25 69 byte 0 days old -- NeroDigital.ini
29/03/2008 12.29.09 (DIR) 0 byte 0 days old -- Debug
29/03/2008 14.36.33 (DIR) 0 byte 0 days old -- Installer
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- inf
29/03/2008 14.51.00 (DIR) 0 byte 0 days old -- Downloaded Program Files
29/03/2008 14.51.00 4237 byte 0 days old -- setupapi.log
29/03/2008 15.23.36 (DIR) 0 byte 0 days old -- erdnt
29/03/2008 15.23.50 32608 byte 0 days old -- SchedLgU.Txt
29/03/2008 15.24.42 2048 byte 0 days old -- bootstat.dat
29/03/2008 15.24.48 50 byte 0 days old -- wiaservc.log
29/03/2008 15.24.48 1298867 byte 0 days old -- WindowsUpdate.log
29/03/2008 15.24.49 157 byte 0 days old -- wiadebug.log
29/03/2008 15.24.51 0 byte 0 days old -- 0.log
29/03/2008 15.25.37 227 byte 0 days old -- system.ini
29/03/2008 15.25.57 (DIR) 0 byte 0 days old -- Temp
29/03/2008 15.26.14 (DIR) 0 byte 0 days old -- Prefetch
29/03/2008 15.26.25 (DIR) 0 byte 0 days old -- system32
29/03/2008 15.26.54 7266 byte 0 days old -- ModemLog_PCI SoftV92 Speakerphone Modem.txt
----- recent files in C:\WINDOWS\Downloaded Program Files\
05/02/2008 22.43.43 65 byte 53 days old -- desktop.ini
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3076
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3com_dmi
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1054
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 2052
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- dhcp
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- wins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- IME
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- export
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1042
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1028
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1031
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1025
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- inetsrv
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1041
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1037
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- ShellExt
05/02/2008 22.39.05 (DIR) 0 byte 53 days old -- spool
05/02/2008 22.40.56 (DIR) 0 byte 53 days old -- 1033
05/02/2008 22.40.57 (DIR) 0 byte 53 days old -- MsDtc
05/02/2008 22.41.07 (DIR) 0 byte 53 days old -- ias
05/02/2008 22.41.09 21840 byte 53 days old -- emptyregdb.dat
05/02/2008 22.41.54 (DIR) 0 byte 53 days old -- icsxml
05/02/2008 22.42.07 (DIR) 0 byte 53 days old -- Macromed
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- ras
05/02/2008 22.42.51 (DIR) 0 byte 53 days old -- 1040
05/02/2008 22.42.59 (DIR) 0 byte 53 days old -- oobe
05/02/2008 22.43.39 749 byte 53 days old -- nwc.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- wuaucpl.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- ncpa.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- sapi.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- cdplayer.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- logonui.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- WindowsLogon.manifest
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xircom
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- wbem
05/02/2008 22.46.14 261 byte 53 days old -- $winnt$.inf
05/02/2008 22.46.55 (DIR) 0 byte 53 days old -- npp
05/02/2008 22.47.47 (DIR) 0 byte 53 days old -- usmt
05/02/2008 22.48.01 (DIR) 0 byte 53 days old -- Setup
05/02/2008 23.38.18 0 byte 53 days old -- h323log.txt
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Microsoft
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- Restore
06/02/2008 08.21.50 13732 byte 52 days old -- wpa.bak
06/02/2008 08.49.57 (DIR) 0 byte 52 days old -- ReinstallBackups
06/02/2008 09.12.50 107888 byte 52 days old -- CmdLineExt.dll
06/02/2008 10.12.33 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 14.18.36 2934 byte 52 days old -- CONFIG.NT
06/02/2008 15.39.06 (DIR) 0 byte 52 days old -- PreInstall
06/02/2008 20.44.13 (DIR) 0 byte 52 days old -- Com
06/02/2008 21.22.42 345382 byte 52 days old -- perfh010.dat
06/02/2008 21.22.42 751592 byte 52 days old -- PerfStringBackup.INI
06/02/2008 21.22.42 311740 byte 52 days old -- perfh009.dat
06/02/2008 21.22.42 40128 byte 52 days old -- perfc009.dat
06/02/2008 21.22.42 47814 byte 52 days old -- perfc010.dat
07/02/2008 12.23.18 (DIR) 0 byte 51 days old -- it-it
07/02/2008 12.23.25 138684 byte 51 days old -- TZLog.log
07/02/2008 14.02.44 (DIR) 0 byte 51 days old -- LogFiles
07/02/2008 14.08.48 23392 byte 51 days old -- nscompat.tlb
07/02/2008 14.08.48 16832 byte 51 days old -- amcompat.tlb
07/02/2008 15.51.07 (DIR) 0 byte 51 days old -- DRVSTORE
09/02/2008 08.45.18 (DIR) 0 byte 49 days old -- CatRoot
10/02/2008 13.40.24 188200 byte 48 days old -- FNTCACHE.DAT
13/02/2008 10.20.21 (DIR) 0 byte 45 days old -- dllcache
14/02/2008 17.19.24 (DIR) 0 byte 44 days old -- DirectX
05/03/2008 17.30.54 19148408 byte 24 days old -- MRT.exe
29/03/2008 11.21.40 13732 byte 0 days old -- wpa.dbl
29/03/2008 14.36.34 188 byte 0 days old -- MsiExec.exe.log
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- Kaspersky Lab
29/03/2008 15.23.39 (DIR) 0 byte 0 days old -- config
29/03/2008 15.25.28 81191 byte 0 days old -- nvapps.xml
29/03/2008 15.26.06 (DIR) 0 byte 0 days old -- CatRoot2
29/03/2008 15.26.24 (DIR) 0 byte 0 days old -- drivers
----- recent files in C:\WINDOWS\system32\drivers\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- disdn
07/02/2008 14.03.01 (DIR) 0 byte 51 days old -- UMDF
07/02/2008 15.50.39 47360 byte 51 days old -- pcouffin.sys
29/03/2008 10.34.51 61632 byte 0 days old -- avipbb.sys
29/03/2008 15.25.26 (DIR) 0 byte 0 days old -- etc
----- recent files in C:\WINDOWS\temp\
29/03/2008 15.24.45 16384 byte 0 days old -- Perflib_Perfdata_488.dat
29/03/2008 15.25.38 (DIR) 0 byte 0 days old -- _avast4_
----- recent files in C:\Programmi\
05/02/2008 22.40.17 (DIR) 0 byte 53 days old -- Windows NT
05/02/2008 22.40.30 (DIR) 0 byte 53 days old -- MSN Gaming Zone
05/02/2008 22.41.03 (DIR) 0 byte 53 days old -- ComPlus Applications
05/02/2008 22.41.58 (DIR) 0 byte 53 days old -- Movie Maker
05/02/2008 22.42.24 (DIR) 0 byte 53 days old -- NetMeeting
05/02/2008 22.43.33 (DIR) 0 byte 53 days old -- Servizi in linea
05/02/2008 22.43.36 (DIR) 0 byte 53 days old -- WindowsUpdate
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- microsoft frontpage
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xerox
06/02/2008 07.50.25 (DIR) 0 byte 52 days old -- Uninstall Information
06/02/2008 08.51.11 (DIR) 0 byte 52 days old -- DIFX
06/02/2008 08.53.08 (DIR) 0 byte 52 days old -- Analog Devices
06/02/2008 08.56.12 (DIR) 0 byte 52 days old -- InstallShield Installation Information
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Sports Interactive
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Zero G Registry
06/02/2008 14.18.27 (DIR) 0 byte 52 days old -- Alwil Software
06/02/2008 19.17.03 (DIR) 0 byte 52 days old -- Microsoft Office
06/02/2008 19.17.28 (DIR) 0 byte 52 days old -- Microsoft.NET
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- Outlook Express
06/02/2008 20.48.36 (DIR) 0 byte 52 days old -- Messenger
07/02/2008 12.30.48 (DIR) 0 byte 51 days old -- Microsoft Silverlight
07/02/2008 14.03.23 (DIR) 0 byte 51 days old -- Windows Media Connect 2
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- Windows Media Player
07/02/2008 15.50.57 (DIR) 0 byte 51 days old -- Windows Live
09/02/2008 14.20.14 (DIR) 0 byte 49 days old -- Virgilio Toolbar
09/02/2008 14.55.17 (DIR) 0 byte 49 days old -- C6 Messenger
09/02/2008 17.13.05 (DIR) 0 byte 49 days old -- CONEXANT
12/02/2008 19.52.43 (DIR) 0 byte 46 days old -- IrfanView
13/02/2008 12.58.58 (DIR) 0 byte 45 days old -- Internet Explorer
14/02/2008 17.08.24 (DIR) 0 byte 44 days old -- Ahead
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- MSXML 4.0
01/03/2008 11.02.16 (DIR) 0 byte 28 days old -- CViewer
07/03/2008 08.45.45 (DIR) 0 byte 22 days old -- Hattrick Control
18/03/2008 16.39.44 (DIR) 0 byte 11 days old -- FLV Player
19/03/2008 20.27.39 (DIR) 0 byte 10 days old -- eMule2
21/03/2008 13.27.55 (DIR) 0 byte 8 days old -- DNA
21/03/2008 13.34.05 (DIR) 0 byte 8 days old -- BitTorrent
21/03/2008 17.48.47 (DIR) 0 byte 8 days old -- Control Viewer
26/03/2008 12.42.19 (DIR) 0 byte 3 days old -- WinRAR
29/03/2008 09.59.33 (DIR) 0 byte 0 days old -- Avira
29/03/2008 10.47.31 (DIR) 0 byte 0 days old -- PFConfig
29/03/2008 12.28.22 (DIR) 0 byte 0 days old -- CCleaner
29/03/2008 14.03.01 (DIR) 0 byte 0 days old -- RogueRemover FREE
29/03/2008 14.26.01 (DIR) 0 byte 0 days old -- Trend Micro
29/03/2008 14.29.46 (DIR) 0 byte 0 days old -- eMule
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- File comuni
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- DVDFab Platinum 3
29/03/2008 15.07.01 (DIR) 0 byte 0 days old -- FPA
----- recent files in C:\Programmi\File comuni\
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- MSSoap
05/02/2008 22.42.23 (DIR) 0 byte 53 days old -- Services
05/02/2008 22.50.18 (DIR) 0 byte 53 days old -- SpeechEngines
05/02/2008 22.50.22 (DIR) 0 byte 53 days old -- ODBC
06/02/2008 08.09.01 (DIR) 0 byte 52 days old -- InstallShield
06/02/2008 08.56.18 (DIR) 0 byte 52 days old -- snpstd
06/02/2008 19.17.02 (DIR) 0 byte 52 days old -- DESIGNER
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- System
07/02/2008 14.37.46 (DIR) 0 byte 51 days old -- WindowsLiveInstaller
10/02/2008 11.07.00 (DIR) 0 byte 48 days old -- Microsoft Shared
----- recent files in C:\Documents and Settings\Valerio\Dati applicazioni\
05/02/2008 22.49.43 62 byte 53 days old -- desktop.ini
06/02/2008 07.50.26 (DIR) 0 byte 52 days old -- Identities
06/02/2008 09.12.50 (DIR) 0 byte 52 days old -- SecuROM
07/02/2008 15.52.47 (DIR) 0 byte 51 days old -- Adobe
07/02/2008 15.54.33 (DIR) 0 byte 51 days old -- Macromedia
07/02/2008 19.25.58 (DIR) 0 byte 51 days old -- WinRAR
07/02/2008 19.27.27 (DIR) 0 byte 51 days old -- Sports Interactive
14/02/2008 17.21.15 (DIR) 0 byte 44 days old -- Nero
20/02/2008 09.51.34 (DIR) 0 byte 38 days old -- Microsoft
16/03/2008 19.24.37 (DIR) 0 byte 13 days old -- eMule
21/03/2008 14.15.11 (DIR) 0 byte 8 days old -- BitTorrent
29/03/2008 14.37.04 47360 byte 0 days old -- pcouffin.sys
29/03/2008 14.37.04 7887 byte 0 days old -- pcouffin.cat
29/03/2008 14.37.04 1144 byte 0 days old -- pcouffin.inf
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- Vso
29/03/2008 14.37.05 33 byte 0 days old -- pcouffin.log
29/03/2008 15.23.43 (DIR) 0 byte 0 days old -- DNA
----- recent files in C:\DOCUME~1\Valerio\IMPOST~1\Temp\
29/03/2008 15.26.47 16384 byte 0 days old -- ~DFC1E8.tmp
29/03/2008 15.26.47 54 byte 0 days old -- systemscan.ini
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- nsg3.tmp
===================== Duplicated files in BAK folders =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"SW24"="C:\WINDOWS\system32\sw24.exe"
"WinSys2"="C:\WINDOWS\system32\winsys2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe"
"SoundMAX"="\"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe\" /tray"
"CameraFixer"="C:\WINDOWS\CameraFixer.exe"
"snpstd"="C:\WINDOWS\vsnpstd.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NBKeyScan"="\"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
[run\OptionalComponents]
[run\OptionalComponents\IMAIL]
"Installed"="1"
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe\""
"msnmsgr"="\"C:\Programmi\Windows Live\Messenger\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\Programmi\DNA\btdna.exe\""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SCLogon]
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002cdf
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\ESUpdate.exe"="C:\WINDOWS\ESUpdate.exe:*:Enabled:Virgilio Toolbar"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\eMule2\emule.exe"="C:\Programmi\eMule2\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D1FF7F4A-899A-42AB-8588-03237D4456D8}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\CCleaner]
[VB and VBA Program Settings\CCleaner\Options]
[VB and VBA Program Settings\RogueRemover Free]
[VB and VBA Program Settings\RogueRemover Free\Run]
[VB and VBA Program Settings\vbSkinner Pro 2]
[VB and VBA Program Settings\vbSkinner Pro 2\C:]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig\PFConfig.exe]
[VB and VBA Program Settings\vbSkinner Pro 2\Msgbox_Captions]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000AF51EE47F9000000000000000000000000000000AF51EE4701000000000000000000000000000000AF51EE472B000000000000000000000000000000AF51EE472C000000000000000000000000000000AF51EE4706000000000000000000000000000000AF51EE47
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000854EEE47F9000000000000000000000000000000854EEE4701000000000000000000000000000000854EEE472B000000000000000000000000000000854EEE472C000000000000000000000000000000854EEE4706000000000000000000000000000000854EEE47
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11487 (0x2CDF)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Programmi\MSN BackUp\MSNBackup.exe REG_SZ C:\Programmi\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 62.11.16.191
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NameServer REG_SZ 213.205.36.70 213.205.32.70
> Value: HKEY_

maddog79 Hero in the Gods' Favor
Registered: 02/02/08 13:22 Posts: 159
Posted: 29 Mar 2008 16:35 Subject:
SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Valerio\Desktop\sys93255.exe
Running in: User mode
Date: 29/03/2008
Time: 15.26.55
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log
===================== Accounts on this PC =====================
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Linda
| SUPPORT_388945a0 (Disabled)
Yes | Valerio
### users folders
05/02/2008 22.43.49 (DIR) 0 byte 53 days old -- All Users
05/02/2008 22.46.45 (DIR) 0 byte 53 days old -- NetworkService
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- LocalService
07/02/2008 16.08.30 (DIR) 0 byte 51 days old -- Default User
28/03/2008 17.21.14 (DIR) 0 byte 1 days old -- Linda
29/03/2008 15.23.48 (DIR) 0 byte 0 days old -- Valerio
### startup files in users folders
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Valerio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
===================== Recent files (60 days old) =====================
----- recent files in C:\
05/02/2008 22.44.27 0 byte 53 days old -- CONFIG.SYS
05/02/2008 22.44.27 0 byte 53 days old -- IO.SYS
05/02/2008 22.44.27 0 byte 53 days old -- MSDOS.SYS
05/02/2008 22.44.27 0 byte 53 days old -- AUTOEXEC.BAT
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- System Volume Information
06/02/2008 08.50.43 223 byte 52 days old -- boot.ini
06/02/2008 21.21.28 (DIR) 0 byte 52 days old -- Documents and Settings
08/02/2008 20.37.02 (DIR) 0 byte 50 days old -- RECYCLER
10/02/2008 17.06.43 (DIR) 0 byte 48 days old -- Program Files
12/03/2008 16.23.08 244 byte 17 days old -- sqmnoopt09.sqm
12/03/2008 16.23.08 232 byte 17 days old -- sqmdata09.sqm
12/03/2008 19.20.55 232 byte 17 days old -- sqmdata10.sqm
12/03/2008 19.20.55 244 byte 17 days old -- sqmnoopt10.sqm
12/03/2008 23.34.29 244 byte 17 days old -- sqmnoopt11.sqm
12/03/2008 23.34.29 232 byte 17 days old -- sqmdata11.sqm
13/03/2008 17.20.39 244 byte 16 days old -- sqmnoopt12.sqm
13/03/2008 17.20.39 232 byte 16 days old -- sqmdata12.sqm
13/03/2008 20.37.11 244 byte 16 days old -- sqmnoopt13.sqm
13/03/2008 20.37.11 232 byte 16 days old -- sqmdata13.sqm
14/03/2008 19.30.07 244 byte 15 days old -- sqmnoopt14.sqm
14/03/2008 19.30.07 232 byte 15 days old -- sqmdata14.sqm
15/03/2008 12.05.10 244 byte 14 days old -- sqmnoopt15.sqm
15/03/2008 12.05.10 232 byte 14 days old -- sqmdata15.sqm
15/03/2008 19.08.40 232 byte 14 days old -- sqmdata16.sqm
15/03/2008 19.08.40 244 byte 14 days old -- sqmnoopt16.sqm
16/03/2008 15.01.52 232 byte 13 days old -- sqmdata17.sqm
16/03/2008 15.01.52 244 byte 13 days old -- sqmnoopt17.sqm
16/03/2008 20.17.36 244 byte 13 days old -- sqmnoopt18.sqm
16/03/2008 20.17.36 232 byte 13 days old -- sqmdata18.sqm
16/03/2008 21.51.16 244 byte 13 days old -- sqmnoopt19.sqm
16/03/2008 21.51.16 232 byte 13 days old -- sqmdata19.sqm
17/03/2008 07.05.51 232 byte 12 days old -- sqmdata00.sqm
17/03/2008 07.05.51 244 byte 12 days old -- sqmnoopt00.sqm
17/03/2008 09.37.11 232 byte 12 days old -- sqmdata01.sqm
17/03/2008 09.37.11 244 byte 12 days old -- sqmnoopt01.sqm
17/03/2008 13.44.13 244 byte 12 days old -- sqmnoopt02.sqm
17/03/2008 13.44.13 232 byte 12 days old -- sqmdata02.sqm
17/03/2008 16.40.58 244 byte 12 days old -- sqmnoopt03.sqm
17/03/2008 16.40.58 232 byte 12 days old -- sqmdata03.sqm
17/03/2008 20.27.43 244 byte 12 days old -- sqmnoopt04.sqm
17/03/2008 20.27.43 232 byte 12 days old -- sqmdata04.sqm
18/03/2008 20.38.03 232 byte 11 days old -- sqmdata05.sqm
18/03/2008 20.38.03 244 byte 11 days old -- sqmnoopt05.sqm
19/03/2008 17.29.10 232 byte 10 days old -- sqmdata06.sqm
19/03/2008 17.29.10 244 byte 10 days old -- sqmnoopt06.sqm
19/03/2008 18.39.10 244 byte 10 days old -- sqmnoopt07.sqm
19/03/2008 18.39.11 232 byte 10 days old -- sqmdata07.sqm
19/03/2008 20.29.38 232 byte 10 days old -- sqmdata08.sqm
19/03/2008 20.29.38 244 byte 10 days old -- sqmnoopt08.sqm
28/03/2008 12.19.06 230424 byte 1 days old -- img1-001.raw
29/03/2008 13.42.00 518 byte 0 days old -- InfoSat.txt
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- Programmi
29/03/2008 15.11.41 (DIR) 0 byte 0 days old -- Config.Msi
29/03/2008 15.24.41 2145386496 byte 0 days old -- pagefile.sys
29/03/2008 15.25.28 53 byte 0 days old -- biosinfo
29/03/2008 15.25.37 (DIR) 0 byte 0 days old -- WINDOWS
29/03/2008 15.26.19 (DIR) 0 byte 0 days old -- QooBox
29/03/2008 15.26.22 11853 byte 0 days old -- ComboFix.txt
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- msapps
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Driver Cache
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Config
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- addins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Provisioning
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Connection Wizard
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- repair
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- java
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- Resources
05/02/2008 22.41.02 37 byte 53 days old -- vbaddin.ini
05/02/2008 22.41.02 36 byte 53 days old -- vb.ini
05/02/2008 22.41.46 (DIR) 0 byte 53 days old -- pchealth
05/02/2008 22.42.41 (DIR) 0 byte 53 days old -- twain_32
05/02/2008 22.43.27 (DIR) 0 byte 53 days old -- srchasst
05/02/2008 22.43.39 749 byte 53 days old -- WindowsShell.Manifest
05/02/2008 22.43.43 (DIR) 0 byte 53 days old -- Offline Web Pages
05/02/2008 22.43.45 (DIR) 0 byte 53 days old -- Web
05/02/2008 22.44.13 (DIR) 0 byte 53 days old -- Registration
05/02/2008 22.44.17 4161 byte 53 days old -- ODBCINST.INI
05/02/2008 22.44.27 0 byte 53 days old -- control.ini
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- ime
05/02/2008 22.46.48 8192 byte 53 days old -- REGLOCS.OLD
05/02/2008 22.47.14 (DIR) 0 byte 53 days old -- PeerNet
05/02/2008 22.52.03 0 byte 53 days old -- Sti_Trace.log
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Tasks
06/02/2008 03.00.23 (DIR) 0 byte 52 days old -- security
06/02/2008 08.12.04 (DIR) 0 byte 52 days old -- nview
06/02/2008 08.13.47 0 byte 52 days old -- msicpl.ini
06/02/2008 08.30.40 25044 byte 52 days old -- Ascd_tmp.ini
06/02/2008 08.48.16 (DIR) 0 byte 52 days old -- AsDmiHtm
06/02/2008 08.52.22 (DIR) 0 byte 52 days old -- $NtUninstallKB888111WXPSP2$
06/02/2008 08.53.52 0 byte 52 days old -- AS_Debug.txt
06/02/2008 10.17.51 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 15.39.01 (DIR) 0 byte 52 days old -- $MSI31Uninstall_KB893803v2$
06/02/2008 15.39.05 (DIR) 0 byte 52 days old -- $NtUninstallKB898461$
06/02/2008 19.15.05 (DIR) 0 byte 52 days old -- system
06/02/2008 19.17.24 (DIR) 0 byte 52 days old -- SHELLNEW
06/02/2008 20.43.24 (DIR) 0 byte 52 days old -- $NtUninstallKB873339$
06/02/2008 20.43.28 (DIR) 0 byte 52 days old -- $NtUninstallKB886185$
06/02/2008 20.43.31 (DIR) 0 byte 52 days old -- $NtUninstallKB885836$
06/02/2008 20.43.33 (DIR) 0 byte 52 days old -- $NtUninstallKB888302$
06/02/2008 20.43.35 (DIR) 0 byte 52 days old -- $NtUninstallKB887472$
06/02/2008 20.43.38 (DIR) 0 byte 52 days old -- $NtUninstallKB891781$
06/02/2008 20.43.41 (DIR) 0 byte 52 days old -- $NtUninstallKB885835$
06/02/2008 20.43.44 (DIR) 0 byte 52 days old -- $NtUninstallKB896428$
06/02/2008 20.43.47 (DIR) 0 byte 52 days old -- $NtUninstallKB901214$
06/02/2008 20.43.50 (DIR) 0 byte 52 days old -- $NtUninstallKB890859$
06/02/2008 20.43.55 (DIR) 0 byte 52 days old -- $NtUninstallKB896358$
06/02/2008 20.43.57 (DIR) 0 byte 52 days old -- $NtUninstallKB893756$
06/02/2008 20.44.00 (DIR) 0 byte 52 days old -- $NtUninstallKB899591$
06/02/2008 20.44.03 (DIR) 0 byte 52 days old -- $NtUninstallKB899587$
06/02/2008 20.44.05 (DIR) 0 byte 52 days old -- $NtUninstallKB896423$
06/02/2008 20.44.08 (DIR) 0 byte 52 days old -- $NtUninstallKB894391$
06/02/2008 20.44.11 (DIR) 0 byte 52 days old -- $NtUninstallKB902400$
06/02/2008 20.44.17 (DIR) 0 byte 52 days old -- $NtUninstallKB901017$
06/02/2008 20.44.20 (DIR) 0 byte 52 days old -- $NtUninstallKB905414$
06/02/2008 20.44.22 (DIR) 0 byte 52 days old -- $NtUninstallKB905749$
06/02/2008 20.44.25 (DIR) 0 byte 52 days old -- $NtUninstallKB900725$
06/02/2008 20.44.30 (DIR) 0 byte 52 days old -- $NtUninstallKB910437$
06/02/2008 20.44.33 (DIR) 0 byte 52 days old -- $NtUninstallKB908519$
06/02/2008 20.44.35 (DIR) 0 byte 52 days old -- $NtUninstallKB911927$
06/02/2008 20.44.42 (DIR) 0 byte 52 days old -- $NtUninstallKB911564$
06/02/2008 20.44.46 (DIR) 0 byte 52 days old -- $NtUninstallKB911562$
06/02/2008 20.44.50 (DIR) 0 byte 52 days old -- $NtUninstallKB900485$
06/02/2008 20.44.52 (DIR) 0 byte 52 days old -- $NtUninstallKB908531$
06/02/2008 20.44.57 (DIR) 0 byte 52 days old -- $NtUninstallKB914389$
06/02/2008 20.44.59 (DIR) 0 byte 52 days old -- $NtUninstallKB917344$
06/02/2008 20.45.02 (DIR) 0 byte 52 days old -- $NtUninstallKB918439$
06/02/2008 20.45.05 (DIR) 0 byte 52 days old -- $NtUninstallKB913580$
06/02/2008 20.45.08 (DIR) 0 byte 52 days old -- $NtUninstallKB911280$
06/02/2008 20.45.11 (DIR) 0 byte 52 days old -- $NtUninstallKB914388$
06/02/2008 20.45.14 (DIR) 0 byte 52 days old -- $NtUninstallKB920670$
06/02/2008 20.45.16 (DIR) 0 byte 52 days old -- $NtUninstallKB920683$
06/02/2008 20.45.21 (DIR) 0 byte 52 days old -- $NtUninstallKB922582$
06/02/2008 20.45.24 (DIR) 0 byte 52 days old -- $NtUninstallKB916595$
06/02/2008 20.45.26 (DIR) 0 byte 52 days old -- $NtUninstallKB919007$
06/02/2008 20.45.29 (DIR) 0 byte 52 days old -- $NtUninstallKB920685$
06/02/2008 20.45.33 (DIR) 0 byte 52 days old -- $NtUninstallKB920872$
06/02/2008 20.45.35 (DIR) 0 byte 52 days old -- $NtUninstallKB923414$
06/02/2008 20.45.40 (DIR) 0 byte 52 days old -- $NtUninstallKB924496$
06/02/2008 20.45.43 (DIR) 0 byte 52 days old -- $NtUninstallKB923191$
06/02/2008 20.45.46 (DIR) 0 byte 52 days old -- $NtUninstallKB922819$
06/02/2008 20.45.49 (DIR) 0 byte 52 days old -- $NtUninstallKB924270$
06/02/2008 20.45.55 (DIR) 0 byte 52 days old -- $NtUninstallKB923980$
06/02/2008 20.45.58 (DIR) 0 byte 52 days old -- $NtUninstallKB926255$
06/02/2008 20.46.01 (DIR) 0 byte 52 days old -- $NtUninstallKB928255$
06/02/2008 20.46.06 (DIR) 0 byte 52 days old -- $NtUninstallKB928843$
06/02/2008 20.46.08 (DIR) 0 byte 52 days old -- $NtUninstallKB927802$
06/02/2008 20.46.10 (DIR) 0 byte 52 days old -- $NtUninstallKB924667$
06/02/2008 20.46.13 (DIR) 0 byte 52 days old -- $NtUninstallKB927779$
06/02/2008 20.46.16 (DIR) 0 byte 52 days old -- $NtUninstallKB918118$
06/02/2008 20.46.18 (DIR) 0 byte 52 days old -- $NtUninstallKB926436$
06/02/2008 20.46.22 (DIR) 0 byte 52 days old -- $NtUninstallKB925902$
06/02/2008 20.46.26 (DIR) 0 byte 52 days old -- $NtUninstallKB931784$
06/02/2008 20.46.31 (DIR) 0 byte 52 days old -- $NtUninstallKB930178$
06/02/2008 20.46.34 (DIR) 0 byte 52 days old -- $NtUninstallKB931261$
06/02/2008 20.46.36 (DIR) 0 byte 52 days old -- $NtUninstallKB932168$
06/02/2008 20.46.38 (DIR) 0 byte 52 days old -- $NtUninstallKB890046$
06/02/2008 20.46.42 (DIR) 0 byte 52 days old -- $NtUninstallKB920213$
06/02/2008 20.46.43 (DIR) 0 byte 52 days old -- $NtUninstallKB930916$
06/02/2008 20.46.47 (DIR) 0 byte 52 days old -- $NtUninstallKB927891$
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- $NtUninstallKB929123$
06/02/2008 20.46.54 (DIR) 0 byte 52 days old -- $NtUninstallKB935840$
06/02/2008 20.46.56 (DIR) 0 byte 52 days old -- $NtUninstallKB935839$
06/02/2008 20.47.03 (DIR) 0 byte 52 days old -- $NtUninstallKB925398_WMP64$
06/02/2008 20.47.05 (DIR) 0 byte 52 days old -- $NtUninstallKB938828$
06/02/2008 20.47.08 (DIR) 0 byte 52 days old -- $NtUninstallKB921503$
06/02/2008 20.47.11 (DIR) 0 byte 52 days old -- $NtUninstallKB938829$
06/02/2008 20.47.16 (DIR) 0 byte 52 days old -- $NtUninstallKB936782_WMP9$
06/02/2008 20.47.20 (DIR) 0 byte 52 days old -- $NtUninstallKB938127$
06/02/2008 20.47.23 (DIR) 0 byte 52 days old -- $NtUninstallKB936021$
06/02/2008 20.47.26 (DIR) 0 byte 52 days old -- $NtUninstallKB933729$
06/02/2008 20.47.28 (DIR) 0 byte 52 days old -- $NtUninstallKB941202$
06/02/2008 20.47.32 (DIR) 0 byte 52 days old -- $NtUninstallKB943460_0$
06/02/2008 20.48.37 (DIR) 0 byte 52 days old -- msagent
07/02/2008 12.21.40 (DIR) 0 byte 51 days old -- $NtUninstallKB904942$
07/02/2008 12.21.45 (DIR) 0 byte 51 days old -- $NtUninstallKB914440$
07/02/2008 12.21.46 (DIR) 0 byte 51 days old -- network diagnostic
07/02/2008 12.21.50 (DIR) 0 byte 51 days old -- $NtUninstallKB943460$
07/02/2008 12.22.16 (DIR) 0 byte 51 days old -- $NtUninstallKB915865$
07/02/2008 12.22.26 (DIR) 0 byte 51 days old -- $NtServicePackUninstallNLSDownlevelMapping$
07/02/2008 12.22.33 (DIR) 0 byte 51 days old -- $NtServicePackUninstallIDNMitigationAPIs$
07/02/2008 12.22.44 (DIR) 0 byte 51 days old -- ie7
07/02/2008 12.22.47 (DIR) 0 byte 51 days old -- Media
07/02/2008 12.22.49 (DIR) 0 byte 51 days old -- WBEM
07/02/2008 12.23.14 (DIR) 0 byte 51 days old -- ie7updates
07/02/2008 12.23.25 (DIR) 0 byte 51 days old -- $NtUninstallKB942763$
07/02/2008 12.23.29 (DIR) 0 byte 51 days old -- $NtUninstallKB941568$
07/02/2008 12.23.33 (DIR) 0 byte 51 days old -- $NtUninstallKB942615$
07/02/2008 12.23.36 (DIR) 0 byte 51 days old -- $NtUninstallKB944653$
07/02/2008 12.24.02 (DIR) 0 byte 51 days old -- $NtUninstallKB941569$
07/02/2008 12.24.04 (DIR) 0 byte 51 days old -- $NtUninstallKB941644$
07/02/2008 12.24.06 (DIR) 0 byte 51 days old -- $NtUninstallKB942840$
07/02/2008 12.24.09 (DIR) 0 byte 51 days old -- $NtUninstallKB943485$
07/02/2008 14.02.43 (DIR) 0 byte 51 days old -- $NtUninstallWudf01000$
07/02/2008 14.02.58 (DIR) 0 byte 51 days old -- $NtUninstallWMFDist11$
07/02/2008 14.03.04 316640 byte 51 days old -- WMSysPr9.prx
07/02/2008 14.03.19 (DIR) 0 byte 51 days old -- $NtUninstallwmp11$
07/02/2008 14.03.20 (DIR) 0 byte 51 days old -- Help
07/02/2008 14.03.28 (DIR) 0 byte 51 days old -- $NtUninstallMSCompPackV1$
07/02/2008 14.03.36 (DIR) 0 byte 51 days old -- $NtUninstallKB926239$
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- AppPatch
07/02/2008 16.20.50 (DIR) 0 byte 51 days old -- Downloaded Installations
08/02/2008 19.19.06 424 byte 50 days old -- ODBC.INI
09/02/2008 01.24.58 (DIR) 0 byte 49 days old -- $NtUninstallKB929399$
09/02/2008 01.25.05 (DIR) 0 byte 49 days old -- $NtUninstallKB936782_WMP11$
09/02/2008 01.25.13 (DIR) 0 byte 49 days old -- $NtUninstallKB939683$
09/02/2008 14.20.37 737280 byte 49 days old -- iun6002.exe
09/02/2008 17.12.50 70276 byte 49 days old -- ModemLog_SoftV92 Data Fax Modem.txt
10/02/2008 11.07.13 (DIR) 0 byte 48 days old -- Fonts
13/02/2008 10.19.46 (DIR) 0 byte 45 days old -- $NtUninstallKB946026$
13/02/2008 10.20.19 (DIR) 0 byte 45 days old -- $NtUninstallKB943055$
14/02/2008 17.19.56 (DIR) 0 byte 44 days old -- Cursors
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- WinSxS
18/03/2008 16.39.43 (DIR) 0 byte 11 days old -- Applian FLV Player
18/03/2008 17.08.09 (DIR) 0 byte 11 days old -- vbSkinner
20/03/2008 15.25.00 (DIR) 0 byte 9 days old -- $hf_mig$
28/03/2008 12.19.27 781 byte 1 days old -- win.ini
28/03/2008 20.33.58 14 byte 1 days old -- popcinfo.dat
29/03/2008 11.20.25 69 byte 0 days old -- NeroDigital.ini
29/03/2008 12.29.09 (DIR) 0 byte 0 days old -- Debug
29/03/2008 14.36.33 (DIR) 0 byte 0 days old -- Installer
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- inf
29/03/2008 14.51.00 (DIR) 0 byte 0 days old -- Downloaded Program Files
29/03/2008 14.51.00 4237 byte 0 days old -- setupapi.log
29/03/2008 15.23.36 (DIR) 0 byte 0 days old -- erdnt
29/03/2008 15.23.50 32608 byte 0 days old -- SchedLgU.Txt
29/03/2008 15.24.42 2048 byte 0 days old -- bootstat.dat
29/03/2008 15.24.48 50 byte 0 days old -- wiaservc.log
29/03/2008 15.24.48 1298867 byte 0 days old -- WindowsUpdate.log
29/03/2008 15.24.49 157 byte 0 days old -- wiadebug.log
29/03/2008 15.24.51 0 byte 0 days old -- 0.log
29/03/2008 15.25.37 227 byte 0 days old -- system.ini
29/03/2008 15.25.57 (DIR) 0 byte 0 days old -- Temp
29/03/2008 15.26.14 (DIR) 0 byte 0 days old -- Prefetch
29/03/2008 15.26.25 (DIR) 0 byte 0 days old -- system32
29/03/2008 15.26.54 7266 byte 0 days old -- ModemLog_PCI SoftV92 Speakerphone Modem.txt
----- recent files in C:\WINDOWS\Downloaded Program Files\
05/02/2008 22.43.43 65 byte 53 days old -- desktop.ini
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3076
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 3com_dmi
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1054
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 2052
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- dhcp
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- wins
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- IME
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- export
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1042
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1028
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1031
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- mui
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1025
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- inetsrv
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1041
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- 1037
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- ShellExt
05/02/2008 22.39.05 (DIR) 0 byte 53 days old -- spool
05/02/2008 22.40.56 (DIR) 0 byte 53 days old -- 1033
05/02/2008 22.40.57 (DIR) 0 byte 53 days old -- MsDtc
05/02/2008 22.41.07 (DIR) 0 byte 53 days old -- ias
05/02/2008 22.41.09 21840 byte 53 days old -- emptyregdb.dat
05/02/2008 22.41.54 (DIR) 0 byte 53 days old -- icsxml
05/02/2008 22.42.07 (DIR) 0 byte 53 days old -- Macromed
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- ras
05/02/2008 22.42.51 (DIR) 0 byte 53 days old -- 1040
05/02/2008 22.42.59 (DIR) 0 byte 53 days old -- oobe
05/02/2008 22.43.39 749 byte 53 days old -- nwc.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- wuaucpl.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- ncpa.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- sapi.cpl.manifest
05/02/2008 22.43.39 749 byte 53 days old -- cdplayer.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- logonui.exe.manifest
05/02/2008 22.43.43 488 byte 53 days old -- WindowsLogon.manifest
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xircom
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- wbem
05/02/2008 22.46.14 261 byte 53 days old -- $winnt$.inf
05/02/2008 22.46.55 (DIR) 0 byte 53 days old -- npp
05/02/2008 22.47.47 (DIR) 0 byte 53 days old -- usmt
05/02/2008 22.48.01 (DIR) 0 byte 53 days old -- Setup
05/02/2008 23.38.18 0 byte 53 days old -- h323log.txt
06/02/2008 00.27.51 (DIR) 0 byte 52 days old -- Microsoft
06/02/2008 00.27.54 (DIR) 0 byte 52 days old -- Restore
06/02/2008 08.21.50 13732 byte 52 days old -- wpa.bak
06/02/2008 08.49.57 (DIR) 0 byte 52 days old -- ReinstallBackups
06/02/2008 09.12.50 107888 byte 52 days old -- CmdLineExt.dll
06/02/2008 10.12.33 (DIR) 0 byte 52 days old -- SoftwareDistribution
06/02/2008 14.18.36 2934 byte 52 days old -- CONFIG.NT
06/02/2008 15.39.06 (DIR) 0 byte 52 days old -- PreInstall
06/02/2008 20.44.13 (DIR) 0 byte 52 days old -- Com
06/02/2008 21.22.42 345382 byte 52 days old -- perfh010.dat
06/02/2008 21.22.42 751592 byte 52 days old -- PerfStringBackup.INI
06/02/2008 21.22.42 311740 byte 52 days old -- perfh009.dat
06/02/2008 21.22.42 40128 byte 52 days old -- perfc009.dat
06/02/2008 21.22.42 47814 byte 52 days old -- perfc010.dat
07/02/2008 12.23.18 (DIR) 0 byte 51 days old -- it-it
07/02/2008 12.23.25 138684 byte 51 days old -- TZLog.log
07/02/2008 14.02.44 (DIR) 0 byte 51 days old -- LogFiles
07/02/2008 14.08.48 23392 byte 51 days old -- nscompat.tlb
07/02/2008 14.08.48 16832 byte 51 days old -- amcompat.tlb
07/02/2008 15.51.07 (DIR) 0 byte 51 days old -- DRVSTORE
09/02/2008 08.45.18 (DIR) 0 byte 49 days old -- CatRoot
10/02/2008 13.40.24 188200 byte 48 days old -- FNTCACHE.DAT
13/02/2008 10.20.21 (DIR) 0 byte 45 days old -- dllcache
14/02/2008 17.19.24 (DIR) 0 byte 44 days old -- DirectX
05/03/2008 17.30.54 19148408 byte 24 days old -- MRT.exe
29/03/2008 11.21.40 13732 byte 0 days old -- wpa.dbl
29/03/2008 14.36.34 188 byte 0 days old -- MsiExec.exe.log
29/03/2008 14.50.59 (DIR) 0 byte 0 days old -- Kaspersky Lab
29/03/2008 15.23.39 (DIR) 0 byte 0 days old -- config
29/03/2008 15.25.28 81191 byte 0 days old -- nvapps.xml
29/03/2008 15.26.06 (DIR) 0 byte 0 days old -- CatRoot2
29/03/2008 15.26.24 (DIR) 0 byte 0 days old -- drivers
----- recent files in C:\WINDOWS\system32\drivers\
05/02/2008 22.39.00 (DIR) 0 byte 53 days old -- disdn
07/02/2008 14.03.01 (DIR) 0 byte 51 days old -- UMDF
07/02/2008 15.50.39 47360 byte 51 days old -- pcouffin.sys
29/03/2008 10.34.51 61632 byte 0 days old -- avipbb.sys
29/03/2008 15.25.26 (DIR) 0 byte 0 days old -- etc
----- recent files in C:\WINDOWS\temp\
29/03/2008 15.24.45 16384 byte 0 days old -- Perflib_Perfdata_488.dat
29/03/2008 15.25.38 (DIR) 0 byte 0 days old -- _avast4_
----- recent files in C:\Programmi\
05/02/2008 22.40.17 (DIR) 0 byte 53 days old -- Windows NT
05/02/2008 22.40.30 (DIR) 0 byte 53 days old -- MSN Gaming Zone
05/02/2008 22.41.03 (DIR) 0 byte 53 days old -- ComPlus Applications
05/02/2008 22.41.58 (DIR) 0 byte 53 days old -- Movie Maker
05/02/2008 22.42.24 (DIR) 0 byte 53 days old -- NetMeeting
05/02/2008 22.43.33 (DIR) 0 byte 53 days old -- Servizi in linea
05/02/2008 22.43.36 (DIR) 0 byte 53 days old -- WindowsUpdate
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- microsoft frontpage
05/02/2008 22.44.39 (DIR) 0 byte 53 days old -- xerox
06/02/2008 07.50.25 (DIR) 0 byte 52 days old -- Uninstall Information
06/02/2008 08.51.11 (DIR) 0 byte 52 days old -- DIFX
06/02/2008 08.53.08 (DIR) 0 byte 52 days old -- Analog Devices
06/02/2008 08.56.12 (DIR) 0 byte 52 days old -- InstallShield Installation Information
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Sports Interactive
06/02/2008 09.03.42 (DIR) 0 byte 52 days old -- Zero G Registry
06/02/2008 14.18.27 (DIR) 0 byte 52 days old -- Alwil Software
06/02/2008 19.17.03 (DIR) 0 byte 52 days old -- Microsoft Office
06/02/2008 19.17.28 (DIR) 0 byte 52 days old -- Microsoft.NET
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- Outlook Express
06/02/2008 20.48.36 (DIR) 0 byte 52 days old -- Messenger
07/02/2008 12.30.48 (DIR) 0 byte 51 days old -- Microsoft Silverlight
07/02/2008 14.03.23 (DIR) 0 byte 51 days old -- Windows Media Connect 2
07/02/2008 14.08.36 (DIR) 0 byte 51 days old -- Windows Media Player
07/02/2008 15.50.57 (DIR) 0 byte 51 days old -- Windows Live
09/02/2008 14.20.14 (DIR) 0 byte 49 days old -- Virgilio Toolbar
09/02/2008 14.55.17 (DIR) 0 byte 49 days old -- C6 Messenger
09/02/2008 17.13.05 (DIR) 0 byte 49 days old -- CONEXANT
12/02/2008 19.52.43 (DIR) 0 byte 46 days old -- IrfanView
13/02/2008 12.58.58 (DIR) 0 byte 45 days old -- Internet Explorer
14/02/2008 17.08.24 (DIR) 0 byte 44 days old -- Ahead
19/02/2008 09.35.53 (DIR) 0 byte 39 days old -- MSXML 4.0
01/03/2008 11.02.16 (DIR) 0 byte 28 days old -- CViewer
07/03/2008 08.45.45 (DIR) 0 byte 22 days old -- Hattrick Control
18/03/2008 16.39.44 (DIR) 0 byte 11 days old -- FLV Player
19/03/2008 20.27.39 (DIR) 0 byte 10 days old -- eMule2
21/03/2008 13.27.55 (DIR) 0 byte 8 days old -- DNA
21/03/2008 13.34.05 (DIR) 0 byte 8 days old -- BitTorrent
21/03/2008 17.48.47 (DIR) 0 byte 8 days old -- Control Viewer
26/03/2008 12.42.19 (DIR) 0 byte 3 days old -- WinRAR
29/03/2008 09.59.33 (DIR) 0 byte 0 days old -- Avira
29/03/2008 10.47.31 (DIR) 0 byte 0 days old -- PFConfig
29/03/2008 12.28.22 (DIR) 0 byte 0 days old -- CCleaner
29/03/2008 14.03.01 (DIR) 0 byte 0 days old -- RogueRemover FREE
29/03/2008 14.26.01 (DIR) 0 byte 0 days old -- Trend Micro
29/03/2008 14.29.46 (DIR) 0 byte 0 days old -- eMule
29/03/2008 14.36.13 (DIR) 0 byte 0 days old -- File comuni
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- DVDFab Platinum 3
29/03/2008 15.07.01 (DIR) 0 byte 0 days old -- FPA
----- recent files in C:\Programmi\File comuni\
05/02/2008 22.42.16 (DIR) 0 byte 53 days old -- MSSoap
05/02/2008 22.42.23 (DIR) 0 byte 53 days old -- Services
05/02/2008 22.50.18 (DIR) 0 byte 53 days old -- SpeechEngines
05/02/2008 22.50.22 (DIR) 0 byte 53 days old -- ODBC
06/02/2008 08.09.01 (DIR) 0 byte 52 days old -- InstallShield
06/02/2008 08.56.18 (DIR) 0 byte 52 days old -- snpstd
06/02/2008 19.17.02 (DIR) 0 byte 52 days old -- DESIGNER
06/02/2008 20.46.51 (DIR) 0 byte 52 days old -- System
07/02/2008 14.37.46 (DIR) 0 byte 51 days old -- WindowsLiveInstaller
10/02/2008 11.07.00 (DIR) 0 byte 48 days old -- Microsoft Shared
----- recent files in C:\Documents and Settings\Valerio\Dati applicazioni\
05/02/2008 22.49.43 62 byte 53 days old -- desktop.ini
06/02/2008 07.50.26 (DIR) 0 byte 52 days old -- Identities
06/02/2008 09.12.50 (DIR) 0 byte 52 days old -- SecuROM
07/02/2008 15.52.47 (DIR) 0 byte 51 days old -- Adobe
07/02/2008 15.54.33 (DIR) 0 byte 51 days old -- Macromedia
07/02/2008 19.25.58 (DIR) 0 byte 51 days old -- WinRAR
07/02/2008 19.27.27 (DIR) 0 byte 51 days old -- Sports Interactive
14/02/2008 17.21.15 (DIR) 0 byte 44 days old -- Nero
20/02/2008 09.51.34 (DIR) 0 byte 38 days old -- Microsoft
16/03/2008 19.24.37 (DIR) 0 byte 13 days old -- eMule
21/03/2008 14.15.11 (DIR) 0 byte 8 days old -- BitTorrent
29/03/2008 14.37.04 47360 byte 0 days old -- pcouffin.sys
29/03/2008 14.37.04 7887 byte 0 days old -- pcouffin.cat
29/03/2008 14.37.04 1144 byte 0 days old -- pcouffin.inf
29/03/2008 14.37.05 (DIR) 0 byte 0 days old -- Vso
29/03/2008 14.37.05 33 byte 0 days old -- pcouffin.log
29/03/2008 15.23.43 (DIR) 0 byte 0 days old -- DNA
----- recent files in C:\DOCUME~1\Valerio\IMPOST~1\Temp\
29/03/2008 15.26.47 16384 byte 0 days old -- ~DFC1E8.tmp
29/03/2008 15.26.47 54 byte 0 days old -- systemscan.ini
29/03/2008 15.26.55 (DIR) 0 byte 0 days old -- nsg3.tmp
===================== Duplicated files in BAK folders =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"SW24"="C:\WINDOWS\system32\sw24.exe"
"WinSys2"="C:\WINDOWS\system32\winsys2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe"
"SoundMAX"="\"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe\" /tray"
"CameraFixer"="C:\WINDOWS\CameraFixer.exe"
"snpstd"="C:\WINDOWS\vsnpstd.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NBKeyScan"="\"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
[run\OptionalComponents]
[run\OptionalComponents\IMAIL]
"Installed"="1"
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe\""
"msnmsgr"="\"C:\Programmi\Windows Live\Messenger\msnmsgr.exe\" /background"
"BitTorrent DNA"="\"C:\Programmi\DNA\btdna.exe\""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SCLogon]
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002cdf
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe"="C:\Programmi\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\ESUpdate.exe"="C:\WINDOWS\ESUpdate.exe:*:Enabled:Virgilio Toolbar"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\eMule2\emule.exe"="C:\Programmi\eMule2\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Programmi\DNA\btdna.exe"="C:\Programmi\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D1FF7F4A-899A-42AB-8588-03237D4456D8}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\CCleaner]
[VB and VBA Program Settings\CCleaner\Options]
[VB and VBA Program Settings\RogueRemover Free]
[VB and VBA Program Settings\RogueRemover Free\Run]
[VB and VBA Program Settings\vbSkinner Pro 2]
[VB and VBA Program Settings\vbSkinner Pro 2\C:]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig]
[VB and VBA Program Settings\vbSkinner Pro 2\C:\Programmi\PFConfig\PFConfig.exe]
[VB and VBA Program Settings\vbSkinner Pro 2\Msgbox_Captions]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000AF51EE47F9000000000000000000000000000000AF51EE4701000000000000000000000000000000AF51EE472B000000000000000000000000000000AF51EE472C000000000000000000000000000000AF51EE4706000000000000000000000000000000AF51EE47
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {CEDCC9D8-A663-492A-AE05-FA6CBB276160} REG_BINARY 0F000000000000000000000000000000854EEE47F9000000000000000000000000000000854EEE4701000000000000000000000000000000854EEE472B000000000000000000000000000000854EEE472C000000000000000000000000000000854EEE4706000000000000000000000000000000854EEE47
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11487 (0x2CDF)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11477 (0x2CD5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Programmi\MSN BackUp\MSNBackup.exe REG_SZ C:\Programmi\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 62.11.16.191
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{CEDCC9D8-A663-492A-AE05-FA6CBB276160} NameServer REG_SZ 213.205.36.70 213.205.32.70
> Value: HKEY_ |

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Mar 2008 16:42 Subject:
I see that ComboFix has removed a couple of entries.
- Disable your antivirus
- Run an online scan with Bitdefender.
- Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 29 Mar 2008 16:42 Subject:
AntiVir PersonalEdition Classic
Report file date: sabato 29 marzo 2008 15:31
Scanning for 1169688 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Valerio
Computer name: CASA-VALERIO
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:34:50
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 09:34:50
ANTIVIR3.VDF : 7.0.3.92 20480 Bytes 28/03/2008 09:34:50
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 29/03/2008 09:34:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 09:34:51
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: sabato 29 marzo 2008 15:31
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'runme.exe' - '1' Module(s) have been scanned
Scan process 'sys93255.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'CameraFixer.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'WinSys2.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Valerio\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was deleted!
C:\Documents and Settings\Valerio\Desktop\antivirus\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was deleted!
C:\Documents and Settings\Valerio\Impostazioni locali\Temp\nsg3.tmp\dxqmjct.exe
[DETECTION] Contains detection pattern of the SPR/Avenger program
[INFO] The file was deleted!
End of the scan: sabato 29 marzo 2008 15:40
Used time: 08:27 min
The scan has been done completely.
2195 Scanning directories
113940 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
113935 Files not concerned
573 Archives were scanned
1 Warnings
0 Notes

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 30 Mar 2008 12:38 Subject:
Here is the link to the Kaspersky online scan: link

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 30 Mar 2008 19:03 Subject:
Legendary bdoriano, I did what you told me, and now what do I do?

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 31 Mar 2008 10:08 Subject:
Unfortunately, a 4MB log is not easy to read (quite the opposite)
- Disable System Restore.
- Clean the temporary files with ATF-Cleaner and/or CCleaner (mandatory step)
- Close Messenger and all other programs (another mandatory step)
- Go back to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 31 Mar 2008 10:43 Subject:
Now the Kaspersky online scan shows me neither viruses nor suspicious files, only a few locked files: link

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 31 Mar 2008 12:35 Subject:
No, we are still not there.
The temporary files and internet cookies do not appear to have been deleted.
In addition, Windows Live appears to have been running during the scan, which increases the useless information in the log.
We went from 4.12MB to 4.64MB... the log, in these conditions, is not readable.
Sorry.

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 31 Mar 2008 15:49 Subject:
Last attempt, I can't do any better than this
link

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 31 Mar 2008 18:34 Subject:
Definitely better.
I see quite a few locked objects, probably because there are at least 2 users on the PC (password-protected).
You should run the checks from the second user as well, to see whether anything else is found. Of course, first do all the cleanup with CCleaner and ATFCleaner.
Just for completeness, which user did you run the checks as? (linda or valerio)?

maddog79 Hero in the grace of the gods
Registered: 02/02/08 13:22 Posts: 159
Posted: 31 Mar 2008 19:11 Subject:
I ran them as valerio, now I'll go run them as linda and then post the link to the scan