un po' lungo...spero di aver fatto tutto nel modo giusto.
SystemScan -
http://www.suspectfile.com - ver. 3.1.2
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 28/06/2007
Time: 12.00.11
Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log
-Installed Applications
===================== Accounts on this PC =====================
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
Yes | Curatelo
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)
### users folders
06/03/2007 12.27.46 (DIR) 0 byte 114 days old -- All Users
06/03/2007 13.35.53 (DIR) 0 byte 114 days old -- Default User
25/04/2007 18.51.56 (DIR) 0 byte 64 days old -- LocalService
25/04/2007 18.51.56 (DIR) 0 byte 64 days old -- NetworkService
04/05/2007 17.26.55 1562 byte 55 days old -- etyqedye.txt
26/06/2007 20.01.10 (DIR) 0 byte 2 days old -- Curatelo
===================== Recent files (60 days old)=====================
----- recent files in C:\
03/05/2007 11.53.54 (DIR) 0 byte 56 days old -- Config.Msi
05/05/2007 07.45.28 (DIR) 0 byte 54 days old -- Documents and Settings
10/05/2007 12.38.31 268 byte 49 days old -- sqmdata05.sqm
10/05/2007 12.38.31 268 byte 49 days old -- sqmdata04.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt04.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt06.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt05.sqm
11/05/2007 18.18.30 (DIR) 0 byte 48 days old -- Programmi
12/06/2007 16.34.41 512 byte 16 days old -- hpfr3320.xml
22/06/2007 11.14.01 6440 byte 6 days old -- hijackthis.log
22/06/2007 17.41.05 (DIR) 0 byte 6 days old -- System Volume Information
25/06/2007 17.52.08 (DIR) 0 byte 3 days old -- backups
27/06/2007 09.49.17 (DIR) 0 byte 1 days old -- WINDOWS
28/06/2007 08.58.05 402653184 byte 0 days old -- pagefile.sys
28/06/2007 08.58.06 (DIR)267964416 byte 0 days old -- hiberfil.sys
28/06/2007 12.00.11 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
03/05/2007 11.22.09 35186 byte 56 days old -- ModemLog_SoftV92 Data Fax Modem.txt
03/05/2007 11.53.55 (DIR) 0 byte 56 days old -- Installer
03/05/2007 14.15.12 (DIR) 0 byte 56 days old -- PIF
04/05/2007 14.38.51 (DIR) 0 byte 55 days old -- inf
05/05/2007 20.07.36 231 byte 54 days old -- system.ini
05/05/2007 20.13.08 (DIR) 0 byte 54 days old -- Downloaded Program Files
11/05/2007 18.19.05 737280 byte 48 days old -- iun6002.exe
14/05/2007 18.05.53 (DIR) 0 byte 45 days old -- system32
26/06/2007 10.50.16 116 byte 2 days old -- NeroDigital.ini
27/06/2007 09.49.42 122322 byte 1 days old -- ntbtlog.txt
27/06/2007 20.40.12 32476 byte 1 days old -- SchedLgU.Txt
28/06/2007 08.58.07 2048 byte 0 days old -- bootstat.dat
28/06/2007 08.58.28 159 byte 0 days old -- wiadebug.log
28/06/2007 08.58.28 50 byte 0 days old -- wiaservc.log
28/06/2007 08.58.31 0 byte 0 days old -- 0.log
28/06/2007 09.00.07 (DIR) 0 byte 0 days old -- Temp
28/06/2007 09.04.23 406936 byte 0 days old -- WindowsUpdate.log
28/06/2007 11.59.32 (DIR) 0 byte 0 days old -- Prefetch
----- recent files in C:\WINDOWS\Downloaded Program Files\
25/06/2007 17.52.45 (DIR) 0 byte 3 days old -- CONFLICT.1
----- recent files in C:\WINDOWS\system\
02/05/2007 12.21.21 343 byte 57 days old -- cmicnfg.ini
----- recent files in C:\WINDOWS\system32\
30/04/2007 17.35.28 95872 byte 59 days old -- AVASTSS.scr
30/04/2007 17.46.10 745600 byte 59 days old -- aswBoot.exe
01/05/2007 10.18.03 281336 byte 58 days old -- FNTCACHE.DAT
04/05/2007 12.17.38 29152 byte 55 days old -- iklog.log
04/05/2007 14.38.52 (DIR) 0 byte 55 days old -- Kaspersky Lab
05/05/2007 15.53.34 2934 byte 54 days old -- CONFIG.NT
22/05/2007 16.08.37 (DIR) 0 byte 37 days old -- CatRoot2
20/06/2007 10.22.21 2206 byte 8 days old -- wpa.dbl
22/06/2007 17.41.05 (DIR) 0 byte 6 days old -- Restore
27/06/2007 09.46.25 (DIR) 0 byte 1 days old -- drivers
----- recent files in C:\WINDOWS\system32\drivers\
30/04/2007 17.37.23 26888 byte 59 days old -- aavmker4.sys
30/04/2007 17.38.51 43176 byte 59 days old -- aswTdi.sys
30/04/2007 17.39.41 23416 byte 59 days old -- aswRdr.sys
30/04/2007 17.41.42 94552 byte 59 days old -- aswmon2.sys
30/04/2007 17.41.55 85952 byte 59 days old -- aswmon.sys
----- recent files in C:\WINDOWS\temp\
27/06/2007 09.51.05 16384 byte 1 days old -- Perflib_Perfdata_584.dat
28/06/2007 08.58.15 16384 byte 0 days old -- Perflib_Perfdata_564.dat
28/06/2007 11.58.27 (DIR) 0 byte 0 days old -- _avast4_
----- recent files in C:\Programmi\
30/04/2007 23.15.14 (DIR) 0 byte 59 days old -- File comuni
30/04/2007 23.36.13 (DIR) 0 byte 59 days old -- Adobe
04/05/2007 11.19.32 (DIR) 0 byte 55 days old -- Spybot - Search & Destroy
05/05/2007 21.52.09 (DIR) 0 byte 54 days old -- Google
11/05/2007 18.19.49 (DIR) 0 byte 48 days old -- C6 Messenger
01/06/2007 10.45.57 (DIR) 0 byte 27 days old -- Mozilla Firefox
26/06/2007 12.46.58 (DIR) 0 byte 2 days old -- eMule
----- recent files in C:\Programmi\File comuni\
30/04/2007 23.15.14 (DIR) 0 byte 59 days old -- Adobe Systems Shared
30/04/2007 23.36.10 (DIR) 0 byte 59 days old -- Adobe
===================== Duplicates in BAK folders =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"E06IXLRD_27768046"="\"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE\" -m"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personalizzazione Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar1.dll"
[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Programmi\Windows Live Toolbar\msntb.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\logon.scr"
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000002b4
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="ed66dd4d"
"Pattern"=hex:07,db,94,61,d9,1a,45,6e,a4,6c,f6,58,de,c9,55,f9,65,64,36,36,64,\
64,34,64,00,fd,07,00,5f,76,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,03,08,94,12,a4,0d,66,43,ba,cc,a3,ed
[Lsa\GBG]
@Class="030dd1a4"
"GrafBlumGroup"=hex:7b,fe,58,10,35,68,58,bb,24
[Lsa\JD]
@Class="baa31243"
"Lookup"=hex:db,42,13,3b,af,e4
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="9408cc30"
"SkewMatrix"=hex:a9,1d,40,8a,e8,dc,2e,27,b6,6a,fa,53,ee,29,f3,4a
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:de,2d,99,d7,9a,60,c7,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e6,db,e6,f1,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00000945
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\natale\Programmi\eMule\emule.exe"="F:\natale\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\Telecom Italia\Configuratore Alice Messenger\Sunrise.AMConfiguratorWizard.exe"="C:\Programmi\Telecom Italia\Configuratore Alice Messenger\Sunrise.AMConfiguratorWizard.exe:*:Enabled:AliceMessengerConfiguratorWizard"
"C:\Programmi\Messenger\Msmsgs.exe"="C:\Programmi\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Internet Explorer\IEXPLORE.EXE"="C:\Programmi\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Programmi\PPLive\PPLive.exe"="C:\Programmi\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{A35BF6D4-B071-4D7F-99DF-50956C6077B7}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\CCleaner]
[VB and VBA Program Settings\CCleaner\Options]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\F]
"BaseClass"="Drive"
[MountPoints2\{a66f323c-cbd2-11db-898b-000b6acca462}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{c0ce3661-cbd0-11db-b42c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{e60225c2-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00
[MountPoints2\{e60225c3-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,00,00,00
[MountPoints2\{e60225c4-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 5.1"
"ComponentID"="Messenger"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accesso sito MSN"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Guida HTML"
"ComponentID"="HTMLHelp"
[Installed Components\{E3CF6444-E70C-CBAE-465A-309998BF45CE}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {5DDD0E7E-EB05-4DD4-A670-6701B543FE50} REG_BINARY 0F0000000000000000000000000000001E5C8346F90000000000000000000000000000001E5C8346010000000000000000000000000000001E5C83462B0000000000000000000000000000001E5C83462C0000000000000000000000000000001E5C8346060000000000000000000000000000001E5C8346
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {5DDD0E7E-EB05-4DD4-A670-6701B543FE50} REG_BINARY 0F000000000000000000000000000000F0AD8246F9000000000000000000000000000000F0AD824601000000000000000000000000000000F0AD82462B000000000000000000000000000000F0AD82462C000000000000000000000000000000F0AD824606000000000000000000000000000000F0AD8246
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 2373 (0x945)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 2366 (0x93E)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpNameServer REG_SZ 151.99.125.2 151.99.125.3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpIPAddress REG_SZ 87.2.231.198
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NameServer REG_SZ 85.37.17.51 85.38.28.97
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NameServer REG_SZ
Result compared: Different
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
===================== AUTOPLAY SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)
-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000091
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000091
Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = False
DRIVE_CDROM = True
DRIVE_RAMDISK = True
RESERVED = False
~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~
No autorun.inf files found.
===================== SCHEDULED JOBS =====================
jobs found in C:\WINDOWS:
31/08/2001 17.00.00 65 byte 2127 days old -- desktop.ini
28/06/2007 08.58.14 6 byte 0 days old -- SA.DAT
28/06/2007 11.45.00 252 byte 0 days old -- Verifica aggiornamenti per Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:
~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 26/06/2007 19.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 26/06/2007 19.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 9.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 9.45.01
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 15.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 15.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 16.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 16.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 17.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 17.45.01
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 18.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 18.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 19.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 19.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 9.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 9.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 10.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 10.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 11.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 11.45.00
Esito: Operazione completata con un codice di uscita (0).
===================== List of running services =====================
000) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> SIZE = 44,544 bytes
001) "aswUpdSv" - avast! iAVS4 Control Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
---> SIZE = 16,512 bytes
002) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
003) "avast! Antivirus" - avast! Antivirus
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
---> SIZE = 132,736 bytes
004) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
005) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> SIZE = 14,336 bytes
006) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
007) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
008) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> SIZE = 14,336 bytes
009) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
010) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes
011) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
012) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
013) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
014) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
015) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
016) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes
017) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
---> SIZE = 322,120 bytes
018) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
019) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
020) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes
021) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes
022) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes
023) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
024) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes
025) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> SIZE = 14,336 bytes
026) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes
027) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
028) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
029) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
030) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
031) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
032) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> SIZE = 57,856 bytes
033) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
034) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes
035) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> SIZE = 14,336 bytes
036) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
037) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> SIZE = 14,336 bytes
038) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
039) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
040) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
041) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes
042) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
043) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
044) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
045) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
..:: BOOT REGISTRY ::..
0) "Cmaudio"
---> TYPE = String
---> CMD = RunDll32 cmicnfg.cpl,CMICtrlWnd
---> FILE = C:\WINDOWS\System32\RunDll32 cmicnfg.cpl,CMICtrlWnd
---> SIZE = 0 bytes
1) "avast!"
---> TYPE = String
---> CMD = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---> FILE = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---> SIZE = 75,392 bytes
2) "NeroFilterCheck"
---> TYPE = String
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe
---> SIZE = 155,648 bytes
3) "RemoteControl"
---> TYPE = String
---> CMD = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
---> FILE = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
---> SIZE = 32,768 bytes
4) "HPDJ Taskbar Utility"
---> TYPE = String
---> CMD = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
---> FILE = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
---> SIZE = 188,416 bytes
===================== List of NOT running services =====================
000) "Adobe LM Service" - Adobe LM Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
---> SIZE = 72,704 bytes
001) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes
002) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes
003) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> SIZE = 29,896 bytes
004) "avast! Mail Scanner" - avast! Mail Scanner
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
---> SIZE = (NOT EXISTS)
005) "avast! Web Scanner" - avast! Web Scanner
---> STAT = (NOT RUNNING) Started manually
---> FIL
Registrazione
di xnatmoonx » 21/06/07 19:14 
---ti posto comunque :Logfile of HijackThis v1.99.1
