Hi,
I ran the scan, but I can't upload it to either of the two sites you pointed me to.
I'll post it here....
systemscan -
http://www.suspectfile.com - ver. 2.0.23
Date: 06/03/2007
Time: 12.08.17,64
Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-------------Users folders -------------
Directory di C:\documents and settings
27/02/2007 15.42 <DIR> Administrator
12/10/2006 13.19 <DIR> All Users
12/10/2006 13.19 <DIR> Default User
05/03/2007 18.32 <DIR> LocalService
27/02/2007 15.42 <DIR> LogMeInRemoteUser
05/03/2007 18.32 <DIR> NetworkService
05/03/2007 22.06 <DIR> Trendy Com
-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp
Directory di C:\
05/03/2007 15.56 <DIR> i386
05/03/2007 12.28 <DIR> UraniumBackup-B039D5CCDC96EE3CA35D2105DE66E182
05/03/2007 16.27 <DIR> avenger
19/01/2007 09.31 <DIR> temp
05/03/2007 10.28 <DIR> Config.Msi
06/03/2007 12.08 <DIR> suspectfile
05/03/2007 15.55 <DIR> dell
05/03/2007 19.41 <DIR> WINDOWS
05/03/2007 15.38 <DIR> Programmi
05/03/2007 15.56 <DIR> MediaWin
05/03/2007 15.56 <DIR> Pp97view
05/03/2007 16.26 5.480 avenger.txt
Directory di C:\WINDOWS
05/03/2007 15.56 <DIR> twain_32
06/03/2007 09.18 <DIR> Temp
05/03/2007 15.56 <DIR> Debug
05/03/2007 18.32 <DIR> system32
05/03/2007 18.32 <DIR> system
15/01/2007 16.14 <DIR> Downloaded Installations
06/03/2007 09.22 <DIR> exefld
27/02/2007 15.32 <DIR> SoftwareDistribution
27/02/2007 15.42 <DIR> Registration
05/03/2007 15.56 <DIR> Help
06/03/2007 11.37 <DIR> Prefetch
05/03/2007 15.54 <DIR> Offline Web Pages
05/03/2007 15.56 <DIR> Media
19/01/2007 16.23 <DIR> WinSxS
27/02/2007 16.04 680 ktd32.atm
08/01/2007 17.13 34.791 MedCtrOC.log
02/03/2007 13.58 27 MP32SWF.INI
08/02/2007 17.29 108.336 mswinsck.ocx
12/01/2007 15.02 461 nsw.log
05/03/2007 13.00 80 gmer_uninstall.cmd
05/03/2007 18.22 250 gmer.ini
04/02/2007 21.23 573.440 gmer.exe
05/03/2007 22.06 32.578 SchedLgU.Txt
05/03/2007 13.00 565.311 gmer.dll
05/03/2007 21.32 883 setupapi.log
11/01/2007 14.37 335 GEARInstall.log
08/02/2007 17.30 139.264 vbsendmail.dll
06/03/2007 09.18 0 0.log
06/03/2007 09.18 159 wiadebug.log
06/03/2007 09.18 50 wiaservc.log
31/01/2007 17.40 586 win.ini
05/03/2007 22.06 2.081.700 WindowsUpdate.log
Directory di C:\WINDOWS\system32
27/02/2007 15.42 <DIR> wbem
05/03/2007 13.51 <DIR> Restore
05/03/2007 15.56 <DIR> ras
26/01/2007 16.51 <DIR> E177E04D548C4006A465EEB92D3DE021
19/01/2007 16.23 <DIR> DRVSTORE
05/03/2007 18.32 <DIR> drivers
05/03/2007 15.54 <DIR> dllcache
27/02/2007 15.42 <DIR> config
05/03/2007 19.40 <DIR> CatRoot2
15/01/2007 21.02 <DIR> appmgmt
15/01/2007 18.32 689.280 aswBoot.exe
12/01/2007 12.18 90.112 AVASTSS.scr
06/03/2007 11.21 5.226 ban_list.txt
16/02/2007 10.38 2.934 CONFIG.NT
21/02/2007 12.55 246.792 FNTCACHE.DAT
05/03/2007 16.27 0 h323log.txt
25/02/2007 17.35 9.848 jupdate-1.5.0_11-b03.log
07/02/2007 14.01 12.293.536 MRT.exe
05/03/2007 09.03 2.206 wpa.dbl
Directory di C:\Programmi\File comuni
16/02/2007 10.20 <DIR> Adobe
05/03/2007 15.54 <DIR> Services
Directory di C:\WINDOWS\temp
16/02/2007 10.40 <DIR> _avast4_
26/01/2007 16.51 <DIR> _ISTMP1.DIR
26/01/2007 16.51 45.056 mmoscore.dllMH_3032
26/01/2007 16.51 3.387 mmoscore.dllMH_3032.es
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------
[Run]
"DirectX For Microsoft® Windows"="C:\WINDOWS\system32\fservice.exe"
-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------
[Windows]
"AppInit_DLLs"=""
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Unlock"="WinlogonUnlockEvent"
[Winlogon\Notify\LMIinit]
"DllName"=expand:"LMIinit.dll"
"Lock"="WLEventLock"
"Logoff"="WLEventLogoff"
"Logon"="WLEventLogon"
"StartScreenSaver"="WLEventStartScreenSaver"
"StartShell"="WLEventStartShell"
"Startup"="WLEventStartup"
"StopScreenSaver"="WLEventStopScreenSaver"
"Unlock"="WLEventUnlock"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
"LogMeInRemoteUser"=dword:00000000
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------
[Winlogon]
@SACL=
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp;Impostazioni locali\Dati applicazioni\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe"
"SunJavaUpdateSched"="\"C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe\""
"DVDLauncher"="\"C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe\""
"DMXLauncher"="C:\Programmi\Dell\Media Experience\DMXLauncher.exe"
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe\" -start"
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe"
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe"
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"LogMeIn GUI"="\"C:\Programmi\LogMeIn\LogMeInSystray.exe\""
"iTunesHelper"="\"C:\Programmi\iTunes\iTunesHelper.exe\""
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
[RunOnce]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
[RunOnceEx]
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------
[Run]
@SACL=
"hldrrr"="C:\WINDOWS\system32\hldrrr.exe"
"drvsyskit"="C:\Documents and Settings\Trendy Com\Dati applicazioni\hidires\hidr.exe"
"german.exe"="C:\WINDOWS\system32\wintems.exe"
"MsnMsgr"="\"C:\Programmi\MSN Messenger\MsnMsgr.Exe\" /background"
"mule_st_key"="C:\Documents and Settings\Trendy Com\Dati applicazioni\m\flec006.exe"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------
[RunOnce]
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------
-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------
-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
#### HKCR\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\InprocServer32 @="C:\WINDOWS\system32\dla\tfswshx.dll"
@=dword:00000001
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar3.dll"
-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------
[URLSearchHooks]
@SACL=
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
#### HKCR\CLSID\{54D9498B-CF93-414F-8984-8CE7FDE0D391}\InprocServer32 @="C:\Programmi\ewido anti-malware\shellhook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:000002c4
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="9fc2396a"
"Pattern"=hex:b3,11,1e,36,85,24,43,7a,f0,6c,5e,8a,ad,d6,a8,34,39,66,63,32,33,\
39,36,61,00,00,00,00,9c,07,00,00,18,ca,06,00,99,d0,b8,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,bb,7e,cb,ca,26,de,c2,69,f2,a6,f5,9f
[Lsa\GBG]
@Class="bbde3e26"
"GrafBlumGroup"=hex:40,14,93,45,4e,c0,89,50,d8
[Lsa\JD]
@Class="f2f5ca69"
"Lookup"=hex:39,93,ce,11,25,d1
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="cb7ea665"
"SkewMatrix"=hex:91,8e,e6,4a,9c,d5,4f,15,9a,cc,c1,a5,03,de,e4,37
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:48,af,ee,7b,05,ee,c6,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,00,c8,a2,48,86,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,b8,ce,ab,db,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,00,c8,a2,48,86,c4,01
"Type"=dword:00000031
-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------
[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000020
"Group"=""
[SharedAccess\Epoch]
"Epoch"=dword:00001728
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Grisoft\AVG Free\avginet.exe"="C:\Programmi\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG Free\avgamsvr.exe"="C:\Programmi\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programmi\Grisoft\AVG Free\avgcc.exe"="C:\Programmi\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Trendy Com\Desktop\DShutdown\RDShutdown.exe"="C:\Documents and Settings\Trendy Com\Desktop\DShutdown\RDShutdown.exe:*:Enabled:RDShutdown"
"C:\Programmi\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Programmi\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-------------HKLM\Software\Microsoft\Ole-------------
[Ole]
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------
@="\"%1\" %*"
-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------
@="\"%1\" /S"
-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------
-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.5.0_11\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
@="Adobe Shockwave Director 10.1.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
@="Adobe Shockwave Director 10.1.4"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
"StubPath"="C:\WINDOWS\system\sservice.exe"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
@SACL=
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"
[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"ComponentID"="M886903"
@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"
[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@="Provider fax"
"ComponentID"="Fax Provider"
"StubPath"=""
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{B9A060D0-6C94-4EC0-056E-24EF77154952}]
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Local"="EN"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Shockwave Flash"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
@=".NET Framework"
"ComponentID"=".NETFramework"
-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} REG_BINARY 060000000000000004000000000000000C4EED45C0A80101030000000000000004000000000000000C4EED45C0A80101010000000000000004000000000000000C4EED45FFFFFF000C0000000000000004000000000000000C4EED454C554341330000000000000004000000000000000C4EED4500000E10360000000000000004000000000000000C4EED45C0A80101350000000000000001000000000000000C4EED4505000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} REG_BINARY 06000000000000000400000000000000EC31ED45C0A8010103000000000000000400000000000000EC31ED45C0A8010101000000000000000400000000000000EC31ED45FFFFFF000C000000000000000400000000000000EC31ED454C55434133000000000000000400000000000000EC31ED4500000E1036000000000000000400000000000000EC31ED45C0A8010135000000000000000100000000000000EC31ED4505000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device0\VolatileSettings
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LMImirr\Device0\VolatileSettings
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\m_hook
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters DhcpNameServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} LeaseObtainedTime REG_DWORD 1173176316 (0x45ED3FFC)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} LeaseObtainedTime REG_DWORD 1173169116 (0x45ED23DC)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} T1 REG_DWORD 1173178116 (0x45ED4704)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} T1 REG_DWORD 1173170916 (0x45ED2AE4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} T2 REG_DWORD 1173179466 (0x45ED4C4A)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} T2 REG_DWORD 1173172266 (0x45ED302A)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} LeaseTerminatesTime REG_DWORD 1173179916 (0x45ED4E0C)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} LeaseTerminatesTime REG_DWORD 1173172716 (0x45ED31EC)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} DhcpRetryTime REG_DWORD 1797 (0x705)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} DhcpRetryStatus REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} DhcpNameServer REG_SZ 192.168.1.1
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474} DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1173176316 (0x45ED3FFC)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1173169116 (0x45ED23DC)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip T1 REG_DWORD 1173178116 (0x45ED4704)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip T1 REG_DWORD 1173170916 (0x45ED2AE4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip T2 REG_DWORD 1173179466 (0x45ED4C4A)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip T2 REG_DWORD 1173172266 (0x45ED302A)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1173179916 (0x45ED4E0C)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1173172716 (0x45ED31EC)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{22B3321F-6EA3-44B1-B6BD-1A0C16EBD474}\Parameters\Tcpip DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
Result compared: Different
-------------List of running services -------------
000) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
001) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
002) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
003) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
004) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
005) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
006) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
007) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
008) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
009) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
010) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
011) "iPod Service" - iPod Service
---> STAT = (RUNNING) Started manually
---> FILE = "C:\Programmi\iPod\bin\iPodService.exe"
012) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
013) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
014) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
015) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
016) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
017) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
018) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
019) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
020) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
021) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
022) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
023) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
024) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
025) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
026) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
027) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
028) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
029) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
030) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
031) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
032) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
033) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
034) "w32time" - Windows Time
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
035) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
036) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
..:: BOOT REGISTRY ::..
0) "SoundMAXPnP"
---> CMD = C:\Programmi\Analog Devices\Core\smax4pnp.exe
---> FILE = C:\Programmi\Analog Devices\Core\smax4pnp.exe
1) "SunJavaUpdateSched"
---> CMD = "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
---> FILE = C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
2) "DVDLauncher"
---> CMD = "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
---> FILE = C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
3) "DMXLauncher"
---> CMD = C:\Programmi\Dell\Media Experience\DMXLauncher.exe
---> FILE = C:\Programmi\Dell\Media Experience\DMXLauncher.exe
4) "ISUSPM Startup"
---> CMD = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
---> FILE = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
5) "ISUSScheduler"
---> CMD = "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
---> FILE = (NOT EXISTS)
6) "igfxtray"
---> CMD = C:\WINDOWS\system32\igfxtray.exe
---> FILE = C:\WINDOWS\system32\igfxtray.exe
7) "igfxhkcmd"
---> CMD = C:\WINDOWS\system32\hkcmd.exe
---> FILE = C:\WINDOWS\system32\hkcmd.exe
8) "igfxpers"
---> CMD = C:\WINDOWS\system32\igfxpers.exe
---> FILE = C:\WINDOWS\system32\igfxpers.exe
9) "dla"
---> CMD = C:\WINDOWS\system32\dla\tfswctrl.exe
---> FILE = C:\WINDOWS\system32\dla\tfswctrl.exe
10) "LogMeIn GUI"
---> CMD = "C:\Programmi\LogMeIn\LogMeInSystray.exe"
---> FILE = C:\Programmi\LogMeIn\LogMeInSystray.exe
11) "iTunesHelper"
---> CMD = "C:\Programmi\iTunes\iTunesHelper.exe"
---> FILE = C:\Programmi\iTunes\iTunesHelper.exe
-------------List of NOT running services -------------
000) "Adobe LM Service" - Adobe LM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
001) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
002) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
003) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
004) "aspnet_state" - Servizio stato di ASP.NET
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
005) "aswUpdSv" - avast! iAVS4 Control Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
006) "avast! Antivirus" - avast! Antivirus
---> STAT = (NOT RUNNING) Disabled
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
007) "avast! Mail Scanner" - avast! Mail Scanner
---> STAT = (NOT RUNNING) Disabled
008) "avast! Web Scanner" - avast! Web Scanner
---> STAT = (NOT RUNNING) Disabled
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
009) "Avg7Alrt" - AVG7 Alert Manager Server
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
010) "Avg7UpdSvc" - AVG7 Update Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
011) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
012) "Browser" - Browser di computer
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
013) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
014) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
015) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
016) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
017) "ewido security suite control" - ewido security suite control
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Programmi\ewido anti-malware\ewidoctrl.exe
018) "ewido security suite guard" - ewido security suite guard
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Programmi\ewido anti-malware\ewidoguard.exe
019) "Fax" - Fax
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\fxssvc.exe
020) "gusvc" - Google Updater Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
021) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
022) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
023) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
024) "LMIMaint" - LogMeIn Maintenance Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = "C:\Programmi\LogMeIn\RaMaint.exe"
025) "LogMeIn" - LogMeIn
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Programmi\LogMeIn\LogMeIn.exe
026) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
027) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
028) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
029) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
030) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
031) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
032) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
033) "NetSvc" - Intel NCS NetService
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
034) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
035) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
036) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"
037) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
038) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
039) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
040) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
041) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
042) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
043) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
044) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
045) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
046) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{34BEA416-48CF-4FFD-A848-3B85D306327B}
047) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
048) "TapiSrv" - Telefonia
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
049) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe
050) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
051) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
052) "usnsvc" - Servizio Messenger Sharing USN Journal Reader
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k usnsvc
053) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
054) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
055) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
056) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
057) "WMPNetworkSvc" - Servizio di condivisione in rete Windows Media Player
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\Windows Media Player\WMPNetwk.exe
058) "wscsvc" - Centro sicurezza PC
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
059) "wuauserv" - Aggiornamenti automatici
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
060) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
061) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
062) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
-------------List of running device driver services -------------
000) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ACPI.sys
001) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
002) "AsyncMac" - Driver per supporti asincroni RAS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
003) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\atapi.sys
004) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
005) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
006) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
007) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled
008) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
009) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\disk.sys
010) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmio.sys
011) "dmload" - dmload
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmload.sys
012) "drvmcdb" - drvmcdb
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\drivers\drvmcdb.sys
013) "drvnddm" - drvnddm
---> STAT = (RUNNING) Started automatically
---> FILE = system32\drivers\drvnddm.sys
014) "E100B" - Intel(R) PRO Adapter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\e100b325.sys
015) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
016) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function
017) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\fltMgr.sys
018) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ftdisk.sys
019) "GE