Olimpo Informatico forum index
The Zeus News Forums
HELP probable rootkit infection
matrixenry
Hero

Registered: 15/04/08 23:12
Posts: 49
Location: Volvera-(TO)

Posted: 16 Jul 2008 19:30    Subject: HELP probable rootkit infection

Hi everyone, I just ran a scan with AVG Prof. and the result was c:\windows\system32\driver\a2z7asct.sys
I installed AVG Anti-Rootkit 1.1 and it tells me it removed it, but on the next scan it comes back with the last part of the name changed: instead of a2z7asct.sys I get acm3kiqk.sys
I should mention that I ran other scans with other anti-rootkit tools such as
GMER - ROOTKIT REVELATOR - BLACKLIGHT - SOPHOS ANTI-ROOTKIT, but it was all in vain. I'll point out that the laptop in question isn't causing any major problems, but I'm a bit fussy and I like everything to be perfect.
Thanks in advance, please help me. Bye.
bdoriano
Administrator

Registered: 02/04/07 11:05
Posts: 14300
Location: 3rd planet of the solar system...

Posted: 16 Jul 2008 20:57

Hi matrixenry,

You should post the various logs you have created, so we can start to look into it.

As soon as you can, run this scan with SystemScan, upload the log to WikiSend, and post the Forum Link you are assigned.
matrixenry
Hero

Registered: 15/04/08 23:12
Posts: 49
Location: Volvera-(TO)

Posted: 18 Jul 2008 19:17

http://wikisend.com/download/882316/report.txt this is the scan with SystemScan.
As for the registry keys, the explorer.exe and iexplorer.exe entries are not present, and the userinit entry doesn't exist either...
Thank you very much, I await your instructions. Bye.
matrixenry
Hero

Registered: 15/04/08 23:12
Posts: 49
Location: Volvera-(TO)

Posted: 18 Jul 2008 19:31

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\matrixenry\Desktop\sys91491.exe
Running in: User mode
Date: 18/07/2008
Time: 19.52.37

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | matrixenry
| SUPPORT_388945a0 (Disabled)

### users folders

05/06/2008 19.21.52 (DIR) 0 byte 43 days old -- All Users
05/06/2008 19.23.38 (DIR) 0 byte 43 days old -- Default User
05/06/2008 19.29.12 (DIR) 0 byte 43 days old -- NetworkService
05/06/2008 19.29.31 (DIR) 0 byte 43 days old -- LocalService
05/07/2008 14.55.08 (DIR) 0 byte 13 days old -- Administrator
13/07/2008 21.00.51 (DIR) 0 byte 5 days old -- matrixenry

### startup files in users folders

C:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\matrixenry\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
05/06/2008 19.23.28 0 byte 43 days old -- CONFIG.SYS
05/06/2008 19.23.28 0 byte 43 days old -- IO.SYS
05/06/2008 19.23.28 0 byte 43 days old -- MSDOS.SYS
05/06/2008 19.23.28 0 byte 43 days old -- AUTOEXEC.BAT
05/06/2008 19.29.35 (DIR) 0 byte 43 days old -- System Volume Information
05/06/2008 20.47.52 (DIR) 0 byte 43 days old -- RECYCLER
12/06/2008 21.51.40 211 byte 36 days old -- boot.ini
28/06/2008 18.13.06 132 byte 20 days old -- windows.bat
29/06/2008 11.20.21 (DIR) 0 byte 19 days old -- $AVG8.VAULT$
05/07/2008 14.55.04 (DIR) 0 byte 13 days old -- Documents and Settings
05/07/2008 15.35.05 (DIR) 0 byte 13 days old -- fsaua.data
13/07/2008 20.02.21 (DIR) 0 byte 5 days old -- VEXPLITE
16/07/2008 20.35.38 (DIR) 0 byte 2 days old -- Programmi
16/07/2008 20.43.07 (DIR) 0 byte 2 days old -- Config.Msi
18/07/2008 13.28.52 (DIR) 0 byte 0 days old -- WINDOWS
18/07/2008 19.43.41 377487360 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
05/06/2008 19.18.09 (DIR) 0 byte 43 days old -- Cursors
05/06/2008 19.18.43 36 byte 43 days old -- vb.ini
05/06/2008 19.18.43 37 byte 43 days old -- vbaddin.ini
05/06/2008 19.20.01 (DIR) 0 byte 43 days old -- pchealth
05/06/2008 19.20.57 (DIR) 0 byte 43 days old -- srchasst
05/06/2008 19.21.25 749 byte 43 days old -- WindowsShell.Manifest
05/06/2008 19.21.34 (DIR) 0 byte 43 days old -- Offline Web Pages
05/06/2008 19.21.39 (DIR) 0 byte 43 days old -- Web
05/06/2008 19.22.57 (DIR) 0 byte 43 days old -- Registration
05/06/2008 19.23.04 4161 byte 43 days old -- ODBCINST.INI
05/06/2008 19.23.19 316640 byte 43 days old -- WMSysPr9.prx
05/06/2008 19.23.28 0 byte 43 days old -- control.ini
05/06/2008 19.23.58 (DIR) 0 byte 43 days old -- repair
05/06/2008 19.24.00 (DIR) 0 byte 43 days old -- ime
05/06/2008 19.29.16 8192 byte 43 days old -- REGLOCS.OLD
05/06/2008 19.33.00 (DIR) 0 byte 43 days old -- system
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- java
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- mui
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- Connection Wizard
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- Provisioning
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- msapps
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- Config
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- Driver Cache
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- Resources
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- addins
05/06/2008 21.04.32 (DIR) 0 byte 43 days old -- twain_32
05/06/2008 21.06.12 (DIR) 0 byte 43 days old -- msagent
05/06/2008 21.06.30 (DIR) 0 byte 43 days old -- PeerNet
05/06/2008 21.06.38 (DIR) 0 byte 43 days old -- Media
05/06/2008 21.06.40 (DIR) 0 byte 43 days old -- ehome
05/06/2008 21.06.41 (DIR) 0 byte 43 days old -- AppPatch
07/06/2008 18.02.21 (DIR) 0 byte 41 days old -- Debug
07/06/2008 18.04.48 (DIR) 0 byte 41 days old -- pss
08/06/2008 00.21.33 (DIR) 0 byte 40 days old -- Help
08/06/2008 00.25.39 4250 byte 40 days old -- ModemLog_Agere Systems AC'97 Modem.txt
12/06/2008 21.51.40 502 byte 36 days old -- win.ini
12/06/2008 21.51.40 227 byte 36 days old -- system.ini
21/06/2008 20.44.45 (DIR) 0 byte 27 days old -- Sun
28/06/2008 18.12.24 28889038 byte 20 days old -- Ancient Quest of Saqqarah.exe
29/06/2008 12.04.17 691545 byte 19 days old -- unins000.exe
29/06/2008 12.08.03 2547 byte 19 days old -- unins000.dat
04/07/2008 22.07.26 (DIR) 0 byte 14 days old -- security
05/07/2008 13.59.38 884736 byte 13 days old -- gmer.dll
05/07/2008 13.59.38 80 byte 13 days old -- gmer_uninstall.cmd
05/07/2008 15.07.56 644790 byte 13 days old -- ntbtlog.txt
05/07/2008 15.07.59 250 byte 13 days old -- gmer.ini
05/07/2008 15.09.28 (DIR) 0 byte 13 days old -- Minidump
05/07/2008 15.54.31 (DIR) 0 byte 13 days old -- Fonts
05/07/2008 15.54.32 (DIR) 0 byte 13 days old -- Tasks
05/07/2008 16.45.33 (DIR) 0 byte 13 days old -- Downloaded Program Files
13/07/2008 21.13.59 69 byte 5 days old -- NeroDigital.ini
16/07/2008 20.31.58 (DIR) 0 byte 2 days old -- SoftwareDistribution
16/07/2008 20.36.25 (DIR) 0 byte 2 days old -- inf
16/07/2008 20.37.10 0 byte 2 days old -- Sti_Trace.log
16/07/2008 20.37.17 10376 byte 2 days old -- DPINST.LOG
16/07/2008 20.38.51 (DIR) 0 byte 2 days old -- WinSxS
16/07/2008 20.43.07 (DIR) 0 byte 2 days old -- Installer
16/07/2008 20.43.10 149021 byte 2 days old -- HPHins15.dat
16/07/2008 20.46.32 (DIR) 0 byte 2 days old -- system32
18/07/2008 13.31.15 32476 byte 0 days old -- SchedLgU.Txt
18/07/2008 19.43.43 2048 byte 0 days old -- bootstat.dat
18/07/2008 19.45.24 0 byte 0 days old -- 0.log
18/07/2008 19.50.31 10874 byte 0 days old -- setupapi.log
18/07/2008 19.50.45 185592 byte 0 days old -- WindowsUpdate.log
18/07/2008 19.52.39 (DIR) 0 byte 0 days old -- Temp
18/07/2008 19.52.39 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
05/06/2008 19.21.34 65 byte 43 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
05/06/2008 19.14.24 (DIR) 0 byte 43 days old -- spool
05/06/2008 19.18.34 (DIR) 0 byte 43 days old -- MsDtc
05/06/2008 19.19.01 21840 byte 43 days old -- emptyregdb.dat
05/06/2008 19.19.03 (DIR) 0 byte 43 days old -- Com
05/06/2008 19.20.41 (DIR) 0 byte 43 days old -- oobe
05/06/2008 19.21.25 749 byte 43 days old -- sapi.cpl.manifest
05/06/2008 19.21.25 749 byte 43 days old -- wuaucpl.cpl.manifest
05/06/2008 19.21.25 749 byte 43 days old -- nwc.cpl.manifest
05/06/2008 19.21.25 749 byte 43 days old -- cdplayer.exe.manifest
05/06/2008 19.21.25 749 byte 43 days old -- ncpa.cpl.manifest
05/06/2008 19.21.34 488 byte 43 days old -- logonui.exe.manifest
05/06/2008 19.21.34 488 byte 43 days old -- WindowsLogon.manifest
05/06/2008 19.22.37 (DIR) 0 byte 43 days old -- ias
05/06/2008 19.23.28 2885 byte 43 days old -- CONFIG.NT
05/06/2008 19.23.59 (DIR) 0 byte 43 days old -- xircom
05/06/2008 19.24.00 (DIR) 0 byte 43 days old -- wbem
05/06/2008 19.28.02 261 byte 43 days old -- $winnt$.inf
05/06/2008 19.29.00 91088 byte 43 days old -- FNTCACHE.DAT
05/06/2008 19.29.31 (DIR) 0 byte 43 days old -- Microsoft
05/06/2008 19.29.34 (DIR) 0 byte 43 days old -- Restore
05/06/2008 19.35.15 (DIR) 0 byte 43 days old -- ReinstallBackups
05/06/2008 20.47.25 6675 byte 43 days old -- jupdate-1.6.0_06-b02.log
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- export
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- IME
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- ShellExt
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- wins
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- inetsrv
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- mui
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1054
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1042
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 2052
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 3com_dmi
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 3076
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1028
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1025
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1031
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1041
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- 1037
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- dhcp
05/06/2008 21.03.59 (DIR) 0 byte 43 days old -- 1033
05/06/2008 21.04.22 (DIR) 0 byte 43 days old -- icsxml
05/06/2008 21.04.27 (DIR) 0 byte 43 days old -- ras
05/06/2008 21.04.35 (DIR) 0 byte 43 days old -- 1040
05/06/2008 21.06.18 (DIR) 0 byte 43 days old -- npp
05/06/2008 21.06.48 (DIR) 0 byte 43 days old -- usmt
05/06/2008 21.06.55 (DIR) 0 byte 43 days old -- Setup
05/06/2008 21.08.32 (DIR) 0 byte 43 days old -- CatRoot
05/06/2008 21.13.49 0 byte 43 days old -- h323log.txt
08/06/2008 00.21.21 2272 byte 40 days old -- w95inf16.dll
08/06/2008 00.21.21 4608 byte 40 days old -- w95inf32.dll
08/06/2008 00.21.35 16832 byte 40 days old -- amcompat.tlb
08/06/2008 00.21.35 23392 byte 40 days old -- nscompat.tlb
15/06/2008 14.22.03 (DIR) 0 byte 33 days old -- DirectX
17/06/2008 15.14.46 499712 byte 31 days old -- msvcp71.dll
17/06/2008 15.17.10 348160 byte 31 days old -- msvcr71.dll
04/07/2008 21.36.41 311938 byte 14 days old -- perfh009.dat
04/07/2008 21.36.41 48012 byte 14 days old -- perfc010.dat
04/07/2008 21.36.41 40326 byte 14 days old -- perfc009.dat
04/07/2008 21.36.41 345620 byte 14 days old -- perfh010.dat
04/07/2008 21.36.41 751592 byte 14 days old -- PerfStringBackup.INI
05/07/2008 17.35.43 (DIR) 0 byte 13 days old -- config
07/07/2008 20.22.41 10520 byte 11 days old -- avgrsstx.dll
08/07/2008 19.12.40 (DIR) 0 byte 10 days old -- appmgmt
13/07/2008 21.27.47 (DIR) 0 byte 5 days old -- Macromed
13/07/2008 21.29.33 (DIR) 0 byte 5 days old -- Adobe
16/07/2008 20.35.29 (DIR) 0 byte 2 days old -- drivers
16/07/2008 20.36.14 (DIR) 0 byte 2 days old -- DRVSTORE
16/07/2008 20.36.37 (DIR) 0 byte 2 days old -- dllcache
18/07/2008 13.27.24 2206 byte 0 days old -- wpa.dbl
18/07/2008 19.44.33 (DIR) 0 byte 0 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
05/06/2008 21.03.04 (DIR) 0 byte 43 days old -- disdn
08/06/2008 00.12.35 716272 byte 40 days old -- sptd.sys
21/06/2008 11.37.06 96520 byte 27 days old -- avgldx86.sys
21/06/2008 11.37.35 76040 byte 27 days old -- avgtdix.sys
21/06/2008 11.37.37 12936 byte 27 days old -- avgrkx86.sys
29/06/2008 12.32.01 (DIR) 0 byte 19 days old -- etc
05/07/2008 13.59.38 85969 byte 13 days old -- gmer.sys
07/07/2008 20.22.41 26824 byte 11 days old -- avgmfx86.sys
08/07/2008 19.47.25 39808 byte 10 days old -- VIRAGTLT.SYS
18/07/2008 13.30.35 (DIR) 0 byte 0 days old -- Avg

----- recent files in C:\WINDOWS\temp\
16/07/2008 20.42.37 595028 byte 2 days old -- ProductContextD2400.log
18/07/2008 19.50.31 7831 byte 0 days old -- hpqddsvc.log

----- recent files in C:\Programmi\
05/06/2008 19.18.04 (DIR) 0 byte 43 days old -- Windows NT
05/06/2008 19.18.12 (DIR) 0 byte 43 days old -- MSN Gaming Zone
05/06/2008 19.18.17 (DIR) 0 byte 43 days old -- Messenger
05/06/2008 19.18.47 (DIR) 0 byte 43 days old -- ComPlus Applications
05/06/2008 19.20.08 (DIR) 0 byte 43 days old -- Movie Maker
05/06/2008 19.20.19 (DIR) 0 byte 43 days old -- Outlook Express
05/06/2008 19.20.22 (DIR) 0 byte 43 days old -- NetMeeting
05/06/2008 19.21.11 (DIR) 0 byte 43 days old -- Servizi in linea
05/06/2008 19.21.17 (DIR) 0 byte 43 days old -- WindowsUpdate
05/06/2008 19.21.33 (DIR) 0 byte 43 days old -- Internet Explorer
05/06/2008 19.23.59 (DIR) 0 byte 43 days old -- microsoft frontpage
05/06/2008 19.24.00 (DIR) 0 byte 43 days old -- xerox
05/06/2008 19.31.43 (DIR) 0 byte 43 days old -- Uninstall Information
05/06/2008 19.40.57 (DIR) 0 byte 43 days old -- AVG
05/06/2008 19.51.32 (DIR) 0 byte 43 days old -- uTorrent
05/06/2008 19.54.41 (DIR) 0 byte 43 days old -- CCleaner
05/06/2008 19.57.12 (DIR) 0 byte 43 days old -- Coloring Book Painter
05/06/2008 20.47.25 (DIR) 0 byte 43 days old -- Java
06/06/2008 18.43.53 (DIR) 0 byte 42 days old -- Glary Utilities
06/06/2008 18.55.53 (DIR) 0 byte 42 days old -- Kaspersky Lab
07/06/2008 18.52.47 (DIR) 0 byte 41 days old -- Oberon Media
08/06/2008 00.15.10 (DIR) 0 byte 40 days old -- Alcohol Soft
08/06/2008 00.20.11 (DIR) 0 byte 40 days old -- CANAL+
08/06/2008 00.21.42 (DIR) 0 byte 40 days old -- Windows Media Player
08/06/2008 01.26.16 (DIR) 0 byte 40 days old -- VideoLAN
10/06/2008 21.21.58 (DIR) 0 byte 38 days old -- Google
11/06/2008 08.45.07 (DIR) 0 byte 37 days old -- WinRAR
15/06/2008 13.07.07 (DIR) 0 byte 33 days old -- Opera
15/06/2008 14.24.45 (DIR) 0 byte 33 days old -- Nero
29/06/2008 12.23.20 (DIR) 0 byte 19 days old -- Spybot - Search & Destroy
05/07/2008 14.28.16 (DIR) 0 byte 13 days old -- GRISOFT
08/07/2008 19.13.48 (DIR) 0 byte 10 days old -- File comuni
08/07/2008 19.14.07 (DIR) 0 byte 10 days old -- Sophos
08/07/2008 19.14.24 (DIR) 0 byte 10 days old -- Yahoo!
15/07/2008 18.52.51 (DIR) 0 byte 3 days old -- Unlocker
15/07/2008 20.21.52 (DIR) 0 byte 3 days old -- eMule
16/07/2008 20.41.00 (DIR) 0 byte 2 days old -- HP

----- recent files in C:\Programmi\File comuni\
05/06/2008 19.19.53 (DIR) 0 byte 43 days old -- System
05/06/2008 19.20.17 (DIR) 0 byte 43 days old -- MSSoap
05/06/2008 19.20.21 (DIR) 0 byte 43 days old -- Services
05/06/2008 19.40.52 (DIR) 0 byte 43 days old -- Microsoft Shared
05/06/2008 20.45.36 (DIR) 0 byte 43 days old -- Java
05/06/2008 21.09.16 (DIR) 0 byte 43 days old -- SpeechEngines
05/06/2008 21.09.20 (DIR) 0 byte 43 days old -- ODBC
15/06/2008 14.31.18 (DIR) 0 byte 33 days old -- Ahead
16/07/2008 20.38.05 (DIR) 0 byte 2 days old -- HP

----- recent files in C:\Documents and Settings\matrixenry\Dati applicazioni\
05/06/2008 19.31.45 (DIR) 0 byte 43 days old -- Identities
05/06/2008 19.48.09 (DIR) 0 byte 43 days old -- Opera
05/06/2008 21.08.45 62 byte 43 days old -- desktop.ini
06/06/2008 18.53.11 (DIR) 0 byte 42 days old -- GlarySoft
08/06/2008 01.29.14 (DIR) 0 byte 40 days old -- vlc
15/06/2008 20.43.47 (DIR) 0 byte 33 days old -- Ahead
21/06/2008 20.44.44 (DIR) 0 byte 27 days old -- Sun
28/06/2008 17.48.19 (DIR) 0 byte 20 days old -- Macromedia
29/06/2008 01.05.52 (DIR) 0 byte 19 days old -- Media Player Classic
29/06/2008 13.46.38 (DIR) 0 byte 19 days old -- FDRLab
29/06/2008 21.07.44 (DIR) 0 byte 19 days old -- Skype
05/07/2008 15.54.42 (DIR) 0 byte 13 days old -- Microsoft
13/07/2008 00.54.11 (DIR) 0 byte 5 days old -- uTorrent
13/07/2008 20.25.11 (DIR) 0 byte 5 days old -- Desktopicon
13/07/2008 21.27.50 (DIR) 0 byte 5 days old -- Adobe
16/07/2008 20.41.00 (DIR) 0 byte 2 days old -- HPAppData

----- recent files in C:\DOCUME~1\MATRIX~1\IMPOST~1\Temp\
05/07/2008 14.24.57 4304 byte 13 days old -- avg8inst.log
05/07/2008 14.58.55 (DIR) 0 byte 13 days old -- Rar$EX00.135
05/07/2008 15.07.33 626 byte 13 days old -- sarscan.log
05/07/2008 15.07.54 (DIR) 0 byte 13 days old -- Rar$EX00.943
05/07/2008 15.25.56 (DIR) 0 byte 13 days old -- Rar$EX00.413
05/07/2008 15.35.05 (DIR) 0 byte 13 days old -- fsaua.tmp
05/07/2008 15.37.02 (DIR) 0 byte 13 days old -- F-Secure
05/07/2008 15.37.05 946972 byte 13 days old -- nvcbin.def.AB37B891.TMP
05/07/2008 15.54.17 (DIR) 0 byte 13 days old -- Rar$ML00.897
05/07/2008 16.44.54 (DIR) 0 byte 13 days old -- OnlineScanner
13/07/2008 20.08.47 92672 byte 5 days old -- 42942.exe
13/07/2008 21.21.28 (DIR) 0 byte 5 days old -- ICD1.tmp
13/07/2008 21.26.47 0 byte 5 days old -- MSW10.tmp
13/07/2008 21.27.25 0 byte 5 days old -- MSW17.tmp
13/07/2008 21.27.58 28508 byte 5 days old -- AAX1D.tmp
13/07/2008 21.29.33 28508 byte 5 days old -- AAX1E.tmp
13/07/2008 21.29.49 28508 byte 5 days old -- AAX1F.tmp
13/07/2008 21.30.19 28508 byte 5 days old -- AAX20.tmp
13/07/2008 21.30.46 28508 byte 5 days old -- AAX21.tmp
13/07/2008 21.30.52 28508 byte 5 days old -- AAX22.tmp
16/07/2008 20.33.44 3543 byte 2 days old -- setup0000.log
16/07/2008 20.34.14 1340 byte 2 days old -- hpzpnp000.log
16/07/2008 20.34.16 2009 byte 2 days old -- hpzpsc000.log
16/07/2008 20.34.20 1648 byte 2 days old -- hpznop000.log
16/07/2008 20.34.20 1854 byte 2 days old -- hpzshl000.log
16/07/2008 20.34.52 2372 byte 2 days old -- hpzrei000.log
16/07/2008 20.34.54 1925 byte 2 days old -- hpzwup000.log
16/07/2008 20.34.54 1569 byte 2 days old -- hpzshl001.log
16/07/2008 20.35.00 1940 byte 2 days old -- hpzopt000.log
16/07/2008 20.35.00 8192 byte 2 days old -- hpzchk000.log
16/07/2008 20.35.04 2173 byte 2 days old -- hpzpsc001.log
16/07/2008 20.35.04 2339 byte 2 days old -- hpzsui000.log
16/07/2008 20.35.04 1892 byte 2 days old -- hpzgat000.log
16/07/2008 20.35.11 1587 byte 2 days old -- hpzwrp000.log
16/07/2008 20.35.31 103403 byte 2 days old -- hpzshl002.log
16/07/2008 20.35.53 1910 byte 2 days old -- hpzprl000.log
16/07/2008 20.36.01 2153 byte 2 days old -- hpzrcv000.log
16/07/2008 20.36.03 1537 byte 2 days old -- hpzwrp001.log
16/07/2008 20.36.10 2285 byte 2 days old -- hpzprl001.log
16/07/2008 20.36.12 2254 byte 2 days old -- hpzprl002.log
16/07/2008 20.36.52 528 byte 2 days old -- DPInst000.log
16/07/2008 20.37.12 11086 byte 2 days old -- HPZIDS000.log
16/07/2008 20.37.19 1528 byte 2 days old -- hpzwrp002.log
16/07/2008 20.37.21 1821 byte 2 days old -- hpzcdl000.log
16/07/2008 20.37.22 1749 byte 2 days old -- hpznop001.log
16/07/2008 20.37.29 1889 byte 2 days old -- hpzprl003.log
16/07/2008 20.37.33 2268 byte 2 days old -- hpzprl004.log
16/07/2008 20.37.34 2265 byte 2 days old -- hpzprl005.log
16/07/2008 20.37.35 2241 byte 2 days old -- hpzprl006.log
16/07/2008 20.37.55 284 byte 2 days old -- HPHMSI_dj_sf_software.log
16/07/2008 20.38.01 284 byte 2 days old -- HPHMSI_dj_sf_software_req.log
16/07/2008 20.38.11 284 byte 2 days old -- HPHUnloadSupport.log
16/07/2008 20.38.15 284 byte 2 days old -- HPHMSI_WebReg.log
16/07/2008 20.38.18 284 byte 2 days old -- HPHMSI_Toolbox.log
16/07/2008 20.38.23 8749 byte 2 days old -- hpzmsi000.log
16/07/2008 20.38.23 190 byte 2 days old -- HPHMSI_BufferChm.log
16/07/2008 20.38.24 2467 byte 2 days old -- hpzarp000.log
16/07/2008 20.38.26 2444 byte 2 days old -- hpzmsi001.log
16/07/2008 20.38.27 1692 byte 2 days old -- hpzset001.log
16/07/2008 20.38.30 1872 byte 2 days old -- hpzrcv001.log
16/07/2008 20.38.31 2306 byte 2 days old -- hpzrcv002.log
16/07/2008 20.38.35 284 byte 2 days old -- HPHMSI_DeviceManagementQFolder.log
16/07/2008 20.38.43 284 byte 2 days old -- HPHMSI_TrayApp.log
16/07/2008 20.38.58 284 byte 2 days old -- HPHMSI_Status.log
16/07/2008 20.39.03 472 byte 2 days old -- HPHMSI_PanoStandAlone.log
16/07/2008 20.39.09 7901 byte 2 days old -- hpzmsi002.log
16/07/2008 20.39.09 190 byte 2 days old -- HPHMSI_DeviceDiscovery.log
16/07/2008 20.39.10 2444 byte 2 days old -- hpzmsi003.log
16/07/2008 20.39.16 2219 byte 2 days old -- hpzprl007.log
16/07/2008 20.39.17 2328 byte 2 days old -- hpzarp001.log
16/07/2008 20.39.18 1692 byte 2 days old -- hpzset002.log
16/07/2008 20.39.22 472 byte 2 days old -- HPHMSI_eSupportQFolder.log
16/07/2008 20.39.36 284 byte 2 days old -- HPHMSI_hpproductassistant.log
16/07/2008 20.39.47 682 byte 2 days old -- HPHMSI_SolutionCenter.log
16/07/2008 20.39.47 6028 byte 2 days old -- hpzmsi004.log
16/07/2008 20.39.48 2096 byte 2 days old -- hpzmsi005.log
16/07/2008 20.39.49 2153 byte 2 days old -- hpzprl008.log
16/07/2008 20.39.50 2324 byte 2 days old -- hpzarp002.log
16/07/2008 20.39.51 1692 byte 2 days old -- hpzset003.log
16/07/2008 20.40.25 206 byte 2 days old -- HPHMSI_HPUpdate.log
16/07/2008 20.40.27 4215 byte 2 days old -- hpzmsi006.log
16/07/2008 20.40.29 1864 byte 2 days old -- hpzmsi007.log
16/07/2008 20.40.34 472 byte 2 days old -- HPHMSI_CustomerResearchQFolder.log
16/07/2008 20.40.37 58 byte 2 days old -- MsiExe000.log
16/07/2008 20.40.39 4035 byte 2 days old -- hpzmsi008.log
16/07/2008 20.40.39 190 byte 2 days old -- HPHMSI_Mars.log
16/07/2008 20.40.40 1980 byte 2 days old -- hpzmsi009.log
16/07/2008 20.40.45 2215 byte 2 days old -- hpzprl009.log
16/07/2008 20.40.47 2323 byte 2 days old -- hpzarp003.log
16/07/2008 20.40.48 1692 byte 2 days old -- hpzset004.log
16/07/2008 20.40.53 2439 byte 2 days old -- hpzmsi010.log
16/07/2008 20.40.53 206 byte 2 days old -- HPHDTSS.log
16/07/2008 20.40.55 1864 byte 2 days old -- hpzmsi011.log
16/07/2008 20.40.58 0 byte 2 days old -- isED.tmp
16/07/2008 20.41.09 2518 byte 2 days old -- hpzmsi012.log
16/07/2008 20.41.09 206 byte 2 days old -- HPHWebPrint.log
16/07/2008 20.41.10 1864 byte 2 days old -- hpzmsi013.log
16/07/2008 20.41.27 284 byte 2 days old -- HPHPSSWCore.log
16/07/2008 20.41.32 284 byte 2 days old -- HPHHPPhotosmartEssential.log
16/07/2008 20.41.35 190 byte 2 days old -- HPHvideotoolkit01.log
16/07/2008 20.41.35 5359 byte 2 days old -- hpzmsi014.log
16/07/2008 20.41.37 2096 byte 2 days old -- hpzmsi015.log
16/07/2008 20.41.41 2219 byte 2 days old -- hpzprl010.log
16/07/2008 20.41.43 2328 byte 2 days old -- hpzarp004.log
16/07/2008 20.41.44 1692 byte 2 days old -- hpzset005.log
16/07/2008 20.41.46 2788 byte 2 days old -- hpzpnp001.log
16/07/2008 20.42.13 2093 byte 2 days old -- hpzdui000.log
16/07/2008 20.42.14 1748 byte 2 days old -- hpzmsi016.log
16/07/2008 20.42.14 2788 byte 2 days old -- hpzpnp002.log
16/07/2008 20.42.20 1872 byte 2 days old -- hpzrcv003.log
16/07/2008 20.42.29 1342 byte 2 days old -- MAR107.tmp
16/07/2008 20.42.31 1285 byte 2 days old -- MAR108.tmp
16/07/2008 20.42.48 1855 byte 2 days old -- hpznop002.log
16/07/2008 20.42.58 3089 byte 2 days old -- hpzmsi017.log
16/07/2008 20.42.58 2587 byte 2 days old -- hpzcdl001.log
16/07/2008 20.42.58 206 byte 2 days old -- hpz_MSI.D2400_install.log
16/07/2008 20.43.07 2423 byte 2 days old -- hpzmsi018.log
16/07/2008 20.43.07 2602 byte 2 days old -- hpzcdl002.log
16/07/2008 20.43.07 190 byte 2 days old -- hpz_MSI.D2400_Help_install.log
16/07/2008 20.43.09 2327 byte 2 days old -- hpzmsi019.log
16/07/2008 20.43.10 23868 byte 2 days old -- hpzset000.log
16/07/2008 20.43.12 1808 byte 2 days old -- hpzstu000.log
16/07/2008 20.43.45 6610 byte 2 days old -- hpzpsl000.log
16/07/2008 20.43.47 2463 byte 2 days old -- hpzstu001.log
16/07/2008 20.43.47 4138 byte 2 days old -- hpzset006.log
16/07/2008 20.44.36 3963 byte 2 days old -- setup0001.log
18/07/2008 13.29.24 1285 byte 0 days old -- MAR2.tmp
18/07/2008 13.29.24 1342 byte 0 days old -- MAR1.tmp
18/07/2008 19.45.47 1342 byte 0 days old -- MAR3.tmp
18/07/2008 19.45.47 1285 byte 0 days old -- MAR4.tmp
18/07/2008 19.46.01 1459 byte 0 days old -- hpqddusr.log
18/07/2008 19.51.55 57 byte 0 days old -- systemscan.ini
18/07/2008 19.51.58 16384 byte 0 days old -- ~DFABF8.tmp
18/07/2008 19.52.39 (DIR) 0 byte 0 days old -- nsg6.tmp

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe"
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe\""

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"="avgrsstx.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
#### HKCR\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\InprocServer32 @="C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll"
@="HP Print Enhancer"

[Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
#### HKCR\CLSID\{053F9267-DC04-4294-A72C-58F732D338C0}\InprocServer32 @="C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
#### HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32 @="C:\Programmi\AVG\AVG8\avgssie.dll"

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]
"aawservice"=dword:00000002

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000002
"startup"=dword:00000002

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000339

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\AVG\AVG8\avgupd.exe"="C:\Programmi\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG8\avgemc.exe"="C:\Programmi\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG8\avgnsx.exe"="C:\Programmi\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programmi\uTorrent\utorrent.exe"="C:\Programmi\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Italian\setup.exe"="C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Italian\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Programmi\Opera\Opera.exe"="C:\Programmi\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{EFDBBA21-0960-4D1A-9498-DD2B8C87A924}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.6.0_06\bin\regutils.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub"
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Adobe\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.4"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Macromedia Shockwave Flash"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BTHPORT\Parameters\Keys
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {DE6C4A47-F2B5-4CF3-9F7C-BB99F14C43B0} REG_BINARY 0C000000000000000000000000000000E6D780480F000000000000000000000000000000E6D7804806000000000000000000000000000000E6D7804803000000000000000000000000000000E6D7804801000000000000000000000000000000E6D7804833000000000000000000000000000000E6D7804836000000000000000000000000000000E6D7804835000000000000000000000000000000E6D78048
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {DE6C4A47-F2B5-4CF3-9F7C-BB99F14C43B0} REG_BINARY 0C000000000000000600000000000000E32281486D617472697800000F000000000000001800000000000000E3228148686F6D656E65742E74656C65636F6D6974616C69612E697406000000000000000400000000000000E3228148C0A8010103000000000000000400000000000000E3228148C0A8010101000000000000000400000000000000E3228148FFFFFF0033000000000000000400000000000000E322814800004C9036000000000000000400000000000000E3228148C0A8010135000000000000000100000000000000E322814805000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device0\VolatileSettings
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device1\VolatileSettings
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileSignature REG_BINARY A369538A629E1F7C2EF8D18E6F9CBDB1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileTime REG_BINARY 00D1F1476786C401
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileSize REG_DWORD 27136 (0x6A00)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileSignature REG_BINARY 40234F0365CD9D92CEE459FE58FD1025
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileTime REG_BINARY 0008D5F3A232C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileSize REG_DWORD 17408 (0x4400)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileSignature REG_BINARY 4967673E8ED0786F88E2CB58786FAE7E
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileTime REG_BINARY 00D1F1476786C401
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileSize REG_DWORD 26624 (0x6800)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileSignature REG_BINARY C903E30BDB77AB0C730237F270EC3F90
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileTime REG_BINARY 00D1F1476786C401
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileSize REG_DWORD 35840 (0x8C00)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 825 (0x339)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 818 (0x332)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSignature REG_BINARY A357128EEA84698DCF3ED33E521292CC
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileTime REG_BINARY 0047A2586786C401
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSize REG_DWORD 146944 (0x23E00)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapStatus REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSignature REG_BINARY B5D91042119372579F52237AFBA5AE7F
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileTime REG_BINARY 0008D5F3A232C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSize REG_DWORD 5632 (0x1600)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapStatus REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpDomain REG_SZ homenet.telecomitalia.it
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpNameServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{DE6C4A47-F2B5-4CF3-9F7C-BB99F14C43B0} NTEContextList REG_MULTI_SZ \0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{DE6C4A47-F2B5-4CF3-9F7C-BB99F14C43B0} NTEContextList REG_MULTI_SZ 0x00000002\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{DE6C4A47-F2B5-4CF3-9F7C-BB99F14C43B0} DhcpServer REG_SZ 255.255.255.255
> Val
matrixenry

Posted: 18 Jul 2008 19:34

Sorry, I'm a bit clumsy; it's the first time I've done these operations.
Bye
All times are GMT + 1 hour