NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

di **alessiomedicina83** » 01/08/10 12:22

Ciao ragazzi, chiedo il vostro prezioso aiuto, perchè è da un pò di giorni che il computer è rallentatissimo, non sempre, solo quando navigo in internet. In altre parole, ogni 3 - 4 minuti si blocca per 20 secondi per poi sbloccarsi e riprendere la navigazione. Ad esempio, si è bloccato proprio in questo istante mentre scrivevo la parola " sbloccarsi " e poi è ripartito.

Vi posto il logo di hijackthis, premettendo che ho già effettuato il controllo sul loro sito ed eliminato le voci a rischio, senza però risolvere nulla. Ringrazio anticipatamente chiunque voglia darmi una mano. Il vosto aiuto è sempre stato fondamentale. Grazie davvero.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.06.41, on 01/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWAgent.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis_v2\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interfree.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB003" /M "Stylus C46"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB004" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P33 "EPSON Stylus C46 Series (Copia 1)" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB005" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Startup: Anapod Manager.lnk = C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: updpxe32.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B5D0AD6-E15A-4A99-8558-A8AE68BFB79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = alice.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = alice.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 8421 bytes

di **Luke57** » 01/08/10 15:00

ciao, apri hijackthis, premi "do a system scan only", cerca e spunta la voce seguente:
O4 - Startup: updpxe32.exe

premi fix checked.

Poi, scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.

Poi posta il rapporto di malwarebytes + nuovo log di hijackthis

di **alessiomedicina83** » 02/08/10 20:39

Ciao Luke, innanzitutto, grazie infinite per aver risposto.

Ho fatto esattamente come hai detto. In primo luogo, ho effettuato Do a system scan only, evidenziato il file O4 - Startup: updpxe32.exe e cliccato fix checked, ma facendo di nuovo la scansione, il file resta al suo posto, non si riesce a togliere.

In secondo luogo, ho fatto una scansione totale con Malawerebytes, ha trovato 43 file infetti, che ho provveduto ad eliminare, anche se è comparsa una scritta che avvisava che non tutti potevano essere eliminati.

C'è da dire che mentre sto scrivendo questo messaggio, il problema che vi ho segnalato è comparso ben due volte: in altre parole, il sistema si blocca per 20 secondi per poi ripartire.

Comunque, posto il log di Malawerebytes e poi quello di Hijackthis:

1) MALAWEREBYTES

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4377

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02/08/2010 21.23.54
mbam-log-2010-08-02 (21-23-54).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|)
Elementi esaminati: 276406
Tempo trascorso: 8 ore, 5 minuti, 8 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 2
Voci infette nei dati di registro: 4
Cartelle infette: 13
File infetti: 21

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Ultimate Cleaner\backup (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\Ultimate Cleaner\backup (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Dati applicazioni\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender\1.3.0 (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Delete on reboot.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Programmi\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.

File infetti:
C:\Programmi\ABBYY FineReader 8.0 Professional Edition\ABBYY FineReader (Version 8.x) - Crack.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SystemProc\lsass.exe (Worm.Prolaco) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\335.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\336.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\337.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\33C.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\fiHw.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temp\xbxgko.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Impostazioni locali\Temporary Internet Files\Content.IE5\GQO4Z9V8\eH4242ba95V03005f35002R1f7b4864102T094ab5bcQ00000000901807F0016000aJ0b000501l0010K6b768266316P000800070[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbvqsf.dll (Worm.Conficker) -> Delete on reboot.
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Worm.Conficker) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Programmi\Ultimate Cleaner\ucleaner.pkg (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\wints.ini (Malware.Trace) -> Quarantined and deleted successfully.

2) HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.29.38, on 02/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWAgent.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interfree.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB003" /M "Stylus C46"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB004" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P33 "EPSON Stylus C46 Series (Copia 1)" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB005" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Startup: Anapod Manager.lnk = C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: updpxe32.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B5D0AD6-E15A-4A99-8558-A8AE68BFB79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = alice.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = alice.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 8195 bytes

Ringrazio in anticipo Luke e chiunque altro voglia darmi una mano. E' un problema fastidiosissimo, che rende quasi impossibile utilizzare il pc. Ogni 3 minuti si blocca. E' snervante.

di **MacGee** » 03/08/10 07:20

La vulnerabilità del tuo sistema dipende principalmente dal fatto che hai installato solo il SP2, ti manca il SP3 e tutti gli altri aggiornamenti da WUpdate che sono assolutamente necessari. Scarica Combofix, segui questa guida http://www.bleepingcomputer.com/combofi ... e-combofix non installare la consolle di ripristino , salva il log finale e allegalo nel prossimo post.
Pulisci il registro più volte con Ccleaner e deframmenta il disco con Auslogic DD http://www.auslogics.com/en/software/disk-defrag/ Ciao.

di **alessiomedicina83** » 04/08/10 09:49

Ciao, ho scaricato ComboFix sul desktop, però non mi si avvia. Nel senso che, quando clicco sopra all'icona rossa con su scritto ComboFix, mi compare una finestrella di caricamento che arriva al 100 % e poi più nulla. Riprovando di nuovo, oltre alla finestrella di caricamento, si apre una finestra più grande con sfondo blu, in alto a sx c'è scritto C: e sotto un cursore che lampeggia. Nient'altro. Come posso procedere?

di **Luke57** » 04/08/10 14:32

Ciao, Elimina la versione di combofix che hai sul computer, scaricalo da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

devi rinominare il file prima di salvarlo sul desktop in abc.exe
(per rinominare il file, quando lo scarichi ti vine chiesto dove salvarlo e ti compare la casella "nome file" basta che cambi il nome che ti appare li in abc.exe)

Poi clicca su start>esegui, nel box bianco copia e incolla questo comando:

"%userprofile%\desktop\abc.exe" /killall

Premi Ok, se tutto va bene parte il programma che potrebbe impiegare molto, finito, riavvia il pc normalmente e, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt .
Copia il suo contenuto e incollalo in un post.

di **alessiomedicina83** » 04/08/10 19:23

Ciao, ho seguito pedissequamente il tuo post e credo di aver risolto. In effetti il fastidiosissimo problema riscontrato, ovvero il bloccaggio del sistema per una ventina di secondi, non si è più ripresentato. Speriamo bene!!

Ne approfitto per ringraziarvi tutti, come sempre siete disponibilissimi ed efficientissimi.

Comunque, vi posto il log di ComboFix, così che, nel caso in cui ci sia qualche anomalia, possiate individuarla (tuttavia non mi entra tutto il log in un post, lo divido in 2 parti)

Grazie mille ancora. Siete una risorsa preziosissima.

PRIMA PARTE DEL LOG DI COMBOFIX

ComboFix 10-08-03.04 - Compaq_Proprietario 04/08/2010 15.53.44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.277 [GMT 2:00]
Eseguito da: c:\documents and settings\Compaq_Proprietario\desktop\abc.exe
Opzioni usate :: /killall
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\updpxe32.exe
c:\windows\system32\_000212_.tmp.dll
c:\windows\system32\_000213_.tmp.dll
c:\windows\system32\_000214_.tmp.dll
c:\windows\system32\_000215_.tmp.dll
c:\windows\system32\_000216_.tmp.dll
c:\windows\system32\_000217_.tmp.dll
c:\windows\system32\_000218_.tmp.dll
c:\windows\system32\_000219_.tmp.dll
c:\windows\system32\_000220_.tmp.dll
c:\windows\system32\_000221_.tmp.dll
c:\windows\system32\_000222_.tmp.dll
c:\windows\system32\_000223_.tmp.dll
c:\windows\system32\_000224_.tmp.dll
c:\windows\system32\_000225_.tmp.dll
c:\windows\system32\_000226_.tmp.dll
c:\windows\system32\_000227_.tmp.dll
c:\windows\system32\_000228_.tmp.dll
c:\windows\system32\_000229_.tmp.dll
c:\windows\system32\_000230_.tmp.dll
c:\windows\system32\_000231_.tmp.dll
c:\windows\system32\_000232_.tmp.dll
c:\windows\system32\_000233_.tmp.dll
c:\windows\system32\_000234_.tmp.dll
c:\windows\system32\_000235_.tmp.dll
c:\windows\system32\_000236_.tmp.dll
c:\windows\system32\_000237_.tmp.dll
c:\windows\system32\_000238_.tmp.dll
c:\windows\system32\_000239_.tmp.dll
c:\windows\system32\_000240_.tmp.dll
c:\windows\system32\_000241_.tmp.dll
c:\windows\system32\_000242_.tmp.dll
c:\windows\system32\_000243_.tmp.dll
c:\windows\system32\_000244_.tmp.dll
c:\windows\system32\_000245_.tmp.dll
c:\windows\system32\_000246_.tmp.dll
c:\windows\system32\_000247_.tmp.dll
c:\windows\system32\_000248_.tmp.dll
c:\windows\system32\_000249_.tmp.dll
c:\windows\system32\_000250_.tmp.dll
c:\windows\system32\_000251_.tmp.dll
c:\windows\system32\_000252_.tmp.dll
c:\windows\system32\_000253_.tmp.dll
c:\windows\system32\_000254_.tmp.dll
c:\windows\system32\_000255_.tmp.dll
c:\windows\system32\_000256_.tmp.dll
c:\windows\system32\_000257_.tmp.dll
c:\windows\system32\_000258_.tmp.dll
c:\windows\system32\_000259_.tmp.dll
c:\windows\system32\_000260_.tmp.dll
c:\windows\system32\_000261_.tmp.dll
c:\windows\system32\_000262_.tmp.dll
c:\windows\system32\_000263_.tmp.dll
c:\windows\system32\_000264_.tmp.dll
c:\windows\system32\_000265_.tmp.dll
c:\windows\system32\_000266_.tmp.dll
c:\windows\system32\_000267_.tmp.dll
c:\windows\system32\_000268_.tmp.dll
c:\windows\system32\_000269_.tmp.dll
c:\windows\system32\_000270_.tmp.dll
c:\windows\system32\_000271_.tmp.dll
c:\windows\system32\_000272_.tmp.dll
c:\windows\system32\_000273_.tmp.dll
c:\windows\system32\_000274_.tmp.dll
c:\windows\system32\_000275_.tmp.dll
c:\windows\system32\_000276_.tmp.dll
c:\windows\system32\_000277_.tmp.dll
c:\windows\system32\_000278_.tmp.dll
c:\windows\system32\_000279_.tmp.dll
c:\windows\system32\_000280_.tmp.dll
c:\windows\system32\_000281_.tmp.dll
c:\windows\system32\_000282_.tmp.dll
c:\windows\system32\_000283_.tmp.dll
c:\windows\system32\_000284_.tmp.dll
c:\windows\system32\_000285_.tmp.dll
c:\windows\system32\_000286_.tmp.dll
c:\windows\system32\_000287_.tmp.dll
c:\windows\system32\_000288_.tmp.dll
c:\windows\system32\_000289_.tmp.dll
c:\windows\system32\_000290_.tmp.dll
c:\windows\system32\_000291_.tmp.dll
c:\windows\system32\_000292_.tmp.dll
c:\windows\system32\_000293_.tmp.dll
c:\windows\system32\_000294_.tmp.dll
c:\windows\system32\_000295_.tmp.dll
c:\windows\system32\_000296_.tmp.dll
c:\windows\system32\_000297_.tmp.dll
c:\windows\system32\_000298_.tmp.dll
c:\windows\system32\_000299_.tmp.dll
c:\windows\system32\_000300_.tmp.dll
c:\windows\system32\_000301_.tmp.dll
c:\windows\system32\_000302_.tmp.dll
c:\windows\system32\_000303_.tmp.dll
c:\windows\system32\_000304_.tmp.dll
c:\windows\system32\_000305_.tmp.dll
c:\windows\system32\_000306_.tmp.dll
c:\windows\system32\_000307_.tmp.dll
c:\windows\system32\_000308_.tmp.dll
c:\windows\system32\_000309_.tmp.dll
c:\windows\system32\_000310_.tmp.dll
c:\windows\system32\_000311_.tmp.dll
c:\windows\system32\_000312_.tmp.dll
c:\windows\system32\_000313_.tmp.dll
c:\windows\system32\_000314_.tmp.dll
c:\windows\system32\_000315_.tmp.dll
c:\windows\system32\_000316_.tmp.dll
c:\windows\system32\_000317_.tmp.dll
c:\windows\system32\_000318_.tmp.dll
c:\windows\system32\_000319_.tmp.dll
c:\windows\system32\_000320_.tmp.dll
c:\windows\system32\_000321_.tmp.dll
c:\windows\system32\_000322_.tmp.dll
c:\windows\system32\_000323_.tmp.dll
c:\windows\system32\_000324_.tmp.dll
c:\windows\system32\_000325_.tmp.dll
c:\windows\system32\_000326_.tmp.dll
c:\windows\system32\_000327_.tmp.dll
c:\windows\system32\_000328_.tmp.dll
c:\windows\system32\_000329_.tmp.dll
c:\windows\system32\_000330_.tmp.dll
c:\windows\system32\_000332_.tmp.dll
c:\windows\system32\_000333_.tmp.dll
c:\windows\system32\_000334_.tmp.dll
c:\windows\system32\_000335_.tmp.dll
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\taskmgr.com
G:\autorun.inf

La copia infetta di c:\windows\system32\drivers\aec.sys è stata trovata e disinfettata
ipristinata copia da - c:\windows\system32\dllcache\aec.sys

.
((((((((((((((((((((((((( Files Creati Da 2010-07-04 al 2010-08-04 )))))))))))))))))))))))))))))))))))
.

2010-08-04 08:49 . 2010-08-04 13:52 -------- d-----w- C:\ComboFix
2010-08-01 15:14 . 2010-08-01 15:14 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Malwarebytes
2010-08-01 15:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 15:13 . 2010-08-01 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-01 15:13 . 2010-08-01 15:14 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-01 15:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 14:07 . 2010-08-04 14:06 764928 ----a-w- c:\windows\system32\drivers\svmfpnfo.sys
2010-07-22 15:07 . 2010-07-22 15:07 -------- d-----w- c:\programmi\File comuni\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 14:04 . 2008-06-06 07:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-08-04 14:02 . 2009-08-13 20:15 671776 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-04 14:02 . 2009-08-13 20:15 4424 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-04 14:02 . 2009-08-13 20:15 3548192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-08-04 14:02 . 2009-08-13 20:15 29848 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-04 14:02 . 2005-01-29 22:35 12 -c--a-w- c:\windows\bthservsdp.dat
2010-08-04 13:21 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Skype
2010-08-04 11:17 . 2008-09-23 14:47 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\skypePM
2010-07-31 02:09 . 2005-08-25 13:48 -------- d-----w- c:\programmi\eMule
2010-07-30 14:06 . 2010-07-30 14:06 16 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
2010-07-30 12:19 . 2010-07-30 12:19 16 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\bawuho.dat
2010-07-03 09:40 . 2005-01-06 11:50 -------- d-----w- c:\programmi\File comuni\Adobe
2010-07-03 09:01 . 2010-07-01 15:47 -------- d-----w- c:\programmi\Foxit Software
2010-07-01 14:31 . 2010-07-01 14:31 -------- d-----w- c:\programmi\pdfforge Toolbar
2010-05-19 21:31 . 2004-01-01 16:26 57544 ----a-w- c:\windows\system32\perfc010.dat
2010-05-19 21:31 . 2004-01-01 16:26 413890 ----a-w- c:\windows\system32\perfh010.dat
2010-05-19 09:19 . 2005-01-01 15:21 82904 -c--a-w- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-02-01 08:49 . 2005-02-01 08:49 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-10-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"EPSON Stylus C46 Series (Copia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-13 208616]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-09-30 98304]

c:\documents and settings\Compaq_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Anapod Manager.lnk - c:\programmi\Red Chair Software\Anapod Explorer\anamgr.exe [2007-8-6 1076276]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-15 217088]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TikBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-11 15:58 133104 -c--atw- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-24 15:22 1916928 -c--a-w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-09-30 13:01 98304 ----a-w- c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2004-05-20 08:47 249856 -c--a-w- c:\windows\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\C6 Messenger\\tintalk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\PROGRA~1\\FILECO~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19174:TCP"= 19174:TCP:BitComet 19174 TCP
"19174:UDP"= 19174:UDP:BitComet 19174 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"6827:TCP"= 6827:TCP:gpmdthj

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [15/11/2009 22.56.37 8192]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S2 kmgkbt;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [24/09/2004 23.32.57 14336]
S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service --> c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc [?]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [30/01/2005 15.41.16 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [30/01/2005 15.41.16 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [30/01/2005 15.42.25 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [30/01/2005 15.57.02 33920]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - svmfpnfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kmgkbt
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186247095-2005263365-367709424-1007Core.job
- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-11 15:58]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186247095-2005263365-367709424-1007UA.job
- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-11 15:58]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.interfree.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\Software Bluetooth\btsendto_ie_ctx.htm
LSP: imon.dll
Trusted Zone: 1
Trusted Zone: 2
TCP: {3B5D0AD6-E15A-4A99-8558-A8AE68BFB79A} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\jo32qy49.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAdbESD.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-kpx - c:\windows\system32\fastRX.dll
MSConfigStartUp-VTTimer - VTTimer.exe
AddRemove-HijackThis - c:\hijackthis_v2\HijackThis.exe

**************************************************************************

di **alessiomedicina83** » 04/08/10 19:25

SECONDA PARTE DEL LOG DI COMBOFIX

***************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 16:04
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]
"ImagePath"="\"c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmgkbt]
"ServiceDll"="c:\windows\system32\jbvqsf.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\svmfpnfo]

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\S-1-5-21-3186247095-2005263365-367709424-1007\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{094A7308-158D-3A11-95DF-D37DE4675CAE}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.NativeLib"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0AC383AA-48DD-3BA3-89AD-1E03A84C2AC0}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.VendorPreferences"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B09B097-CF1A-3470-A1C5-EFE7C18EB40A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.diagnostics.OSInfo"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13DBC185-8E37-383E-A1EA-6365964DB78B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.StringArraySorter+StringComparer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1BB2E9A9-BBCD-3CBC-BC2B-3E97964C886A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.PluginConfigProperties"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1BEC0849-64A7-3089-B825-C38063CB939C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.HtmlUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{222F1997-5DA5-3822-ACE9-1BC5E623ADCA}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.Main"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2D9A09FD-BBEE-3631-AA80-5004FC15B5CD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.HelpSessionUrls"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{39361D65-C190-3681-A6E7-01C95CD0F25A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.PrintBuffer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3CA743AC-A5D8-377A-9CF1-519EB466DCAD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.incidentmgr.IncidentManager"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3CF4B98F-5D45-3900-8306-50742080215B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.IncidentType"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{493079DA-3D61-371B-9CC3-B4784F4EDDD4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.NotificationHandlerResult"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{495B4F27-2C53-3A61-9C19-564A882BF719}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.COPYDATASTRUCT"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4FE17AF3-4D49-3AB4-B696-04EC20A11DF7}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ResourceUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57B8A9C4-E1CB-347B-AA4D-EEC33E96DE39}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ZipUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57DC7713-0CB3-3B03-8491-855DB7BD0686}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.ServerMessageTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59A3CBF8-3291-343E-AD34-25527B2EB2AF}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.StringArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66CA6984-132B-3685-B73B-D541C234AF15}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.ui.UIServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68C44009-86E1-3CFE-A2CA-BD41F10B9A12}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapFileNames"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6A00AFFE-067B-3A1F-A004-6C9D96DD988E}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.Properties"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{707CEE46-3567-35FF-B470-C5E64C06FB58}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapsManager"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{76CB67EC-2B56-37D8-8AE2-62A41800495E}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.Timestamp"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{785BD594-0C49-306C-8A17-A4AA58D5DD74}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.COPYDATASTRUCT+COPYDATASTRUCTHelper"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A04BBA4-AD4B-3A48-BA81-4DB56DF41C7B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapDownloadServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A9A29B7-585D-3C66-A01D-215121DF4C6C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.RunMapResults"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7F686E71-CDF0-33DC-B4BD-017BDC89FC42}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.WinVerifyTrust"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81AC1E9C-6C20-3986-9D98-18F34F037142}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{829270EF-C856-3AE6-BB70-A14F77BC00C8}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.IO"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85B7E85D-DBCE-37D8-A99E-8D569D655752}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.LongArraySorter+LongComparer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{861D4BFC-4F47-3EE8-B79D-5EFE672736E8}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.CabUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8811C83D-ED69-3EDA-BC64-5158F2C8F882}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.MMapVerifyTrust"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{928F1BEB-109B-30DA-8007-E656ADA03C99}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapSubTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6C3F67A-E4F0-316D-AEF5-8E112F5E4F83}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.ui.ErrorMessageCode"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD0B0744-DDA8-3D66-A77F-2AA30C5B24BA}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.XmlFileHelper"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCA84E9-DAF6-3AB1-B56D-A6EA46562FA4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.Log"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B720606E-AC5A-3448-8A3C-D5023D1AB99C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.NotificationsMgr"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA4A89D-C64A-393A-A0DA-BBD521483334}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.I18NStringResIDs"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C4E8E044-FFEB-36C3-AFC7-D7D3E0399886}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.InitVendorPreferences"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C917B4A7-27C3-366B-985F-CCB3D5D162E5}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.Version"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CBE23923-D7A0-3350-A48E-8CD9BDFBFAA4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.SoapMsgParser"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCADF3B4-8239-31C4-BECC-2A43602460B6}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapTOC"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D00B5680-C89B-39A9-AE23-717BED2D82BD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.methods.Refresh"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D8DBCDF5-6213-3415-947F-55E249F6D880}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapArchiveServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE96868C-5A83-374B-BB75-C2D7D1A0E530}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.OSInfo"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ECB3FF27-F399-3FBD-9BD3-1B9909E7ED0B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.PluginMgr"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70821E0-4EDF-38D6-8DA9-6C0099E681DF}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FE6A5C87-644A-3D33-834A-A6553BE0B2E3}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.LongArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
"Version"="2.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
"Version"="2.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\DefaultIcon]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@DACL=(02 0000)
@SACL=
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="c:\\WINDOWS\\system32\\msjava.dll"
"Version"="5,0,3810,0"
"Locale"="IT"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@DACL=(02 0000)
@SACL=
@="Fax"
"ComponentID"="Fax"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\fxsocm.inf,Fax.Install.PerUser"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@DACL=(02 0000)
@SACL=
@="Provider fax"
"ComponentID"="Fax Provider"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"ID"=dword:41107b81
"Name"="iexplore.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\Explorer]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Exchange]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax]
@DACL=(02 0000)
@SACL=
"Retries"=dword:00000003
"Retry Delay"=dword:0000000a
"QueueState"=dword:00000000
"NextJobNumber"=dword:00000003
"Branding"=dword:00000001
"UseDeviceTsid"=dword:00000001
"Inbound Profile"=""
"ServerCoverPageOnly"=dword:00000000
"LastUniqueLineId"=dword:00010001
"CfgWzdrDevice"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Devices]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Logging]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Outbound Routing\Groups]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Outbound Routing\Rules]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Security]
@DACL=(02 0000)
"Descriptor"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,14,00,00,00,
02,00,48,00,03,00,00,00,00,00,18,00,ff,07,08,00,01,02,00,00,00,00,00,05,20,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aif]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aifc]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aiff]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.au]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m1v]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mid]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpa]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpeg]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpg]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.snd]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wav]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\RAS AutoDial]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Sysprep]
@DACL=(02 0000)
@SACL=
"SidsGenerated"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\ROOT\Certificates\74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0]
@DACL=(02 0000)
@SACL=
"Blob"=hex:14,00,00,00,01,00,00,00,14,00,00,00,d9,cf,ea,0f,a4,af,d8,0b,23,67,
95,bf,ea,dd,d6,35,5f,e7,75,6e,04,00,00,00,01,00,00,00,10,00,00,00,0c,19,2a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\TrustedPublisher]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Paths\ISPSignup.exe]
@DACL=(02 0000)
@SACL=
@="c:\\Programmi\\Easy Internet signup\\ISPSignup.exe"
"Path"="c:\\Programmi\\Easy Internet signup\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Keyboard]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\6]
@DACL=(02 0000)
@SACL=
"Policies"=hex:01,00,00,00,02,00,00,00,04,00,00,00,02,00,00,00,02,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,07,00,02,00,00,00,04,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\6]
@DACL=(02 0000)
@SACL=
"Policies"=hex:01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,a0,
86,01,00,a0,86,01,00,a0,86,01,00,28,32,00,00,02,00,00,00,a0,86,01,00,a0,86,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c]
@DACL=(02 0000)
@SACL=
"VolumeSerialNumber"=dword:88e3b4c9
"IsUnicode"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Extensions]
@DACL=(02 0000)
@SACL=
".ini"="notepad.exe ^.ini"
".txt"="notepad.exe ^.txt"
".wtx"="notepad.exe ^.wtx"
".PDS"="c:\\PSDWIN\\PSDWIN.EXE ^.PDS"
".PDB"="c:\\PSDWIN\\PSDWIN.EXE ^.PDB"
".PDC"="c:\\PSDWIN\\PSDWIN.EXE ^.PDC"
".PDG"="c:\\PSDWIN\\PSDWIN.EXE ^.PDG"
".PDL"="c:\\PSDWIN\\PSDWIN.EXE ^.PDL"
".PDA"="c:\\PSDWIN\\PSDWIN.EXE ^.PDA"
".PCC"="c:\\PSDWIN\\PSDWIN.EXE ^.PCC"
".PCB"="c:\\PSDWIN\\PSDWIN.EXE ^.PCB"
".PCE"="c:\\PSDWIN\\PSDWIN.EXE ^.PCE"
".PCP"="c:\\PSDWIN\\PSDWIN.EXE ^.PCP"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
@Allowed: (Read) (Administrators)
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\OemStartMenuData]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
@DACL=(02 0000)
@SACL=
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\\Setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
@DACL=(02 0000)
@SACL=
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\swflash.inf,DefaultUninstall,5"
"DisplayName"="Adobe Flash Player 9 ActiveX"
"UninstallString"="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe -uninstallDelete"
"RequiresIESysFile"="4.70.0.1155"
"Publisher"="Adobe Systems"
"DisplayVersion"="9"
"VersionMajor"="9"
"VersionMinor"="0"
"HelpLink"="http://www.adobe.com/go/flashplayer_support/"
"URLUpdateInfo"="http://www.adobe.com/go/flashplayer/"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}]
@DACL=(02 0000)
@SACL=
"DisplayIcon"="c:\\Programmi\\PC-Doctor for Windows\\Pcdrw32.exe"
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\Setup.exe\" "
"DisplayName"="PC-Doctor per Windows"
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{39DA87A1-0B26-4562-A70C-2A6147366E47}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{BAD59025-5B73-4E12-B789-0028C5A573C2}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\HotFix\KB835221WXP]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001
"Comments"="High Definition Audio Driver - KB835221"
"Backup Dir"=""
"Fix Description"="High Definition Audio Driver - KB835221"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:0000000a
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]
@DACL=(02 0000)
@SACL=
"viagfx"="vticd.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax]
@DACL=(02 0000)
@SACL=
"ChangeID"=dword:0029f824
"Status"=dword:00000180
"Name"="Fax"
"Share Name"=""
"Print Processor"="WinPrint"
"Datatype"="RAW"
"Parameters"=""
"Action"=dword:00000000
"ObjectGUID"=""
"DsKeyUpdate"=dword:00000000
"DsKeyUpdateForeground"=dword:00000000
"Description"=""
"Printer Driver"="Microsoft Shared Fax Driver"
"Default DevMode"=hex:46,00,61,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Priority"=dword:00000001
"Default Priority"=dword:00000000
"StartTime"=dword:00000000
"UntilTime"=dword:00000000
"Separator File"=""
"Location"=""
"Attributes"=dword:00004040
"txTimeout"=dword:0000afc8
"dnsTimeout"=dword:00003a98
"Security"=hex:01,00,04,80,c0,00,00,00,dc,00,00,00,00,00,00,00,14,00,00,00,02,
00,ac,00,06,00,00,00,00,0a,14,00,00,00,02,00,01,01,00,00,00,00,00,03,00,00,\
"SpoolDirectory"=""
"Port"="SHRFAX:"

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3332)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Software Bluetooth\bin\btwdins.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\progra~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
c:\progra~1\FILECO~1\MICROW~1\Agent\MWAgent.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\programmi\File comuni\PCSuite\Services\ServiceLayer.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-04 16:12:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-04 14:12

Pre-Run: 2.733.133.824 byte disponibili
Post-Run: 2.624.704.512 byte disponibili

- - End Of File - - D31DAB81CBC7A7DA9832C8B1AF0CA41C

Mi auguro di non aver commesso errori nel copia - incolla, perchè il log è lunghissimo.

Grazie ancora a tutti.

di **Luke57** » 04/08/10 22:18

Ciao,Apri il block notes di windows
Copia e incolla all'interno del file testo il seguente script:

Codice: Seleziona tutto: NetSvcs:: kmgkbt Driver:: kmgkbt svmfpnfo File:: c:\windows\system32\jbvqsf.dll c:\windows\system32\drivers\svmfpnfo.sys

Salva il file testo nella stessa posizione dove è presente combofix.exe e chiamalo CFScript.txt
Disconettiti da internet.

Adesso trascina il file CFScript.txt su ComboFix.exe o abc.exe
Il programma eseguirà una nuova scansione,al termine riavvia il pc se ti viene richiesto dal programma.
Posta il nuovo report, metti il testo tra i due tag

Codice: Seleziona tutto

di **alessiomedicina83** » 05/08/10 14:40

Ciao Luke, ho fatto come mi hai detto. Ho salvato il testo sul blocco note, l'ho salvato sul desktop con il nome da te indicato, dopodichè ho trascinato il file in questione sopra l'icona nominata abc con cui ho scaricato ComboFix. Il programma è partito, ha scansionato il sistema e infine si è riavviato.

Il problema è che su C: non c'è traccia del nuovo log in formato txt. E poi non ho ben capito cosa significhi inserirlo tra due tag (immagino per inserirlo in una sottofinestra con barra di scorrimento). Secondo voi dove posso trovare l'ultimo report? La scansione con ComboFix è stata uguale alle altre volte, non capisco perchè non ci sia il report.

Grazie ancora Luke, sei gentilissimo. Spero di aver fatto tutto bene, ma il nuovo report proprio non lo trovo.

di **alessiomedicina83** » 05/08/10 15:17

Come non detto, ho rifatto la procedura e ora il report è al suo posto in c:, quindi non mi resta che postarvelo. Tuttavia, non ho ben capito come inserirlo a mò di finestrella con barra di scorrimento, quindi mi trovo costretto a copiarlo di nuovo in due parti, vista l'eccessiva lunghezza:

Grazie a Luke e a chiunque si renda disponibile ad analizzarlo:

PRIMA PARTE

ComboFix 10-08-04.05 - Compaq_Proprietario 05/08/2010 15.46.40.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.216 [GMT 2:00]
Eseguito da: c:\documents and settings\Compaq_Proprietario\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Compaq_Proprietario\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\drivers\svmfpnfo.sys"
"c:\windows\system32\jbvqsf.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\windows\system32\drivers\svmfpnfo.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KMGKBT
-------\Legacy_SVMFPNFO
-------\Service_kmgkbt
-------\Service_svmfpnfo

((((((((((((((((((((((((( Files Creati Da 2010-07-05 al 2010-08-05 )))))))))))))))))))))))))))))))))))
.

2010-08-04 08:49 . 2010-08-04 13:52 -------- d-----w- C:\ComboFix
2010-08-01 15:14 . 2010-08-01 15:14 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Malwarebytes
2010-08-01 15:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 15:13 . 2010-08-01 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-01 15:13 . 2010-08-01 15:14 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-01 15:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 15:07 . 2010-07-22 15:07 -------- d-----w- c:\programmi\File comuni\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 13:23 . 2008-06-06 07:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-08-05 13:21 . 2009-08-13 20:15 671776 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-05 13:21 . 2009-08-13 20:15 4424 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-05 13:21 . 2009-08-13 20:15 3548192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-08-05 13:21 . 2009-08-13 20:15 29848 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-05 13:20 . 2005-01-29 22:35 12 -c--a-w- c:\windows\bthservsdp.dat
2010-08-04 21:37 . 2009-12-22 15:10 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Skype
2010-08-04 20:20 . 2008-09-23 14:47 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\skypePM
2010-07-31 02:09 . 2005-08-25 13:48 -------- d-----w- c:\programmi\eMule
2010-07-30 14:06 . 2010-07-30 14:06 16 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
2010-07-30 12:19 . 2010-07-30 12:19 16 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\bawuho.dat
2010-07-03 09:40 . 2005-01-06 11:50 -------- d-----w- c:\programmi\File comuni\Adobe
2010-07-03 09:01 . 2010-07-01 15:47 -------- d-----w- c:\programmi\Foxit Software
2010-07-01 14:31 . 2010-07-01 14:31 -------- d-----w- c:\programmi\pdfforge Toolbar
2010-05-19 21:31 . 2004-01-01 16:26 57544 ----a-w- c:\windows\system32\perfc010.dat
2010-05-19 21:31 . 2004-01-01 16:26 413890 ----a-w- c:\windows\system32\perfh010.dat
2010-05-19 09:19 . 2005-01-01 15:21 82904 -c--a-w- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-02-01 08:49 . 2005-02-01 08:49 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-10-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"EPSON Stylus C46 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"EPSON Stylus C46 Series (Copia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-13 99840]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-13 208616]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-09-30 98304]

c:\documents and settings\Compaq_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Anapod Manager.lnk - c:\programmi\Red Chair Software\Anapod Explorer\anamgr.exe [2007-8-6 1076276]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-11-15 217088]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-11 15:58 133104 -c--atw- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-24 15:22 1916928 -c--a-w- c:\programmi\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-09-30 13:01 98304 ----a-w- c:\programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2004-05-20 08:47 249856 -c--a-w- c:\windows\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\C6 Messenger\\tintalk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\PROGRA~1\\FILECO~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19174:TCP"= 19174:TCP:BitComet 19174 TCP
"19174:UDP"= 19174:UDP:BitComet 19174 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"6827:TCP"= 6827:TCP:gpmdthj

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17.29.38 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18.02.46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17.06.48 24592]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [15/11/2009 22.56.37 8192]
S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service --> c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc [?]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [30/01/2005 15.41.16 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [30/01/2005 15.41.16 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [30/01/2005 15.42.25 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [30/01/2005 15.57.02 33920]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186247095-2005263365-367709424-1007Core.job
- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-11 15:58]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186247095-2005263365-367709424-1007UA.job
- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-11 15:58]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.interfree.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\Software Bluetooth\btsendto_ie_ctx.htm
LSP: imon.dll
Trusted Zone: 1
Trusted Zone: 2
TCP: {3B5D0AD6-E15A-4A99-8558-A8AE68BFB79A} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\jo32qy49.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAdbESD.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

di **alessiomedicina83** » 05/08/10 15:18

SECONDA PARTE

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 15:53
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]
"ImagePath"="\"c:\programmi\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\S-1-5-21-3186247095-2005263365-367709424-1007\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{094A7308-158D-3A11-95DF-D37DE4675CAE}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.NativeLib"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0AC383AA-48DD-3BA3-89AD-1E03A84C2AC0}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.VendorPreferences"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B09B097-CF1A-3470-A1C5-EFE7C18EB40A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.diagnostics.OSInfo"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13DBC185-8E37-383E-A1EA-6365964DB78B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.StringArraySorter+StringComparer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1BB2E9A9-BBCD-3CBC-BC2B-3E97964C886A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.PluginConfigProperties"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1BEC0849-64A7-3089-B825-C38063CB939C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.HtmlUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{222F1997-5DA5-3822-ACE9-1BC5E623ADCA}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.Main"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2D9A09FD-BBEE-3631-AA80-5004FC15B5CD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.HelpSessionUrls"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{39361D65-C190-3681-A6E7-01C95CD0F25A}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.PrintBuffer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3CA743AC-A5D8-377A-9CF1-519EB466DCAD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.incidentmgr.IncidentManager"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3CF4B98F-5D45-3900-8306-50742080215B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.IncidentType"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{493079DA-3D61-371B-9CC3-B4784F4EDDD4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.NotificationHandlerResult"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{495B4F27-2C53-3A61-9C19-564A882BF719}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.COPYDATASTRUCT"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4FE17AF3-4D49-3AB4-B696-04EC20A11DF7}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ResourceUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57B8A9C4-E1CB-347B-AA4D-EEC33E96DE39}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ZipUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57DC7713-0CB3-3B03-8491-855DB7BD0686}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.ServerMessageTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59A3CBF8-3291-343E-AD34-25527B2EB2AF}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.StringArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66CA6984-132B-3685-B73B-D541C234AF15}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.ui.UIServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68C44009-86E1-3CFE-A2CA-BD41F10B9A12}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapFileNames"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6A00AFFE-067B-3A1F-A004-6C9D96DD988E}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.Properties"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{707CEE46-3567-35FF-B470-C5E64C06FB58}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapsManager"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{76CB67EC-2B56-37D8-8AE2-62A41800495E}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.Timestamp"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{785BD594-0C49-306C-8A17-A4AA58D5DD74}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.COPYDATASTRUCT+COPYDATASTRUCTHelper"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A04BBA4-AD4B-3A48-BA81-4DB56DF41C7B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapDownloadServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A9A29B7-585D-3C66-A01D-215121DF4C6C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.RunMapResults"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7F686E71-CDF0-33DC-B4BD-017BDC89FC42}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.WinVerifyTrust"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81AC1E9C-6C20-3986-9D98-18F34F037142}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.ArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{829270EF-C856-3AE6-BB70-A14F77BC00C8}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.IO"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85B7E85D-DBCE-37D8-A99E-8D569D655752}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.LongArraySorter+LongComparer"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{861D4BFC-4F47-3EE8-B79D-5EFE672736E8}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.CabUtil"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8811C83D-ED69-3EDA-BC64-5158F2C8F882}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.MMapVerifyTrust"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{928F1BEB-109B-30DA-8007-E656ADA03C99}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapSubTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6C3F67A-E4F0-316D-AEF5-8E112F5E4F83}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.ui.ErrorMessageCode"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD0B0744-DDA8-3D66-A77F-2AA30C5B24BA}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.XmlFileHelper"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCA84E9-DAF6-3AB1-B56D-A6EA46562FA4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.Log"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B720606E-AC5A-3448-8A3C-D5023D1AB99C}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.NotificationsMgr"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDA4A89D-C64A-393A-A0DA-BBD521483334}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.I18NStringResIDs"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C4E8E044-FFEB-36C3-AFC7-D7D3E0399886}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.InitVendorPreferences"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C917B4A7-27C3-366B-985F-CCB3D5D162E5}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.Version"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CBE23923-D7A0-3350-A48E-8CD9BDFBFAA4}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.notifications.SoapMsgParser"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCADF3B4-8239-31C4-BECC-2A43602460B6}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapTOC"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D00B5680-C89B-39A9-AE23-717BED2D82BD}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.server.methods.Refresh"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D8DBCDF5-6213-3415-947F-55E249F6D880}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.mapsmgr.MapArchiveServices"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE96868C-5A83-374B-BB75-C2D7D1A0E530}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.OSInfo"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ECB3FF27-F399-3FBD-9BD3-1B9909E7ED0B}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.pluginmgr.PluginMgr"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F70821E0-4EDF-38D6-8DA9-6C0099E681DF}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.model.MapTypes"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FE6A5C87-644A-3D33-834A-A6553BE0B2E3}\InprocServer32\1.0.1494.6995]
@DACL=(02 0000)
@SACL=
"Class"="com.motive.plugin.lib.LongArraySorter"
"Assembly"="pchealthplugin, Version=1.0.1494.6995, Culture=neutral, PublicKeyToken=822b6df6f89a141f"
"RuntimeVersion"="v1.0.3705"
"CodeBase"="file:///C:/PROGRA~1/HELPAN~1/Presario/XPHWWRF4/plugin/bin/pchealthplugin.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D3-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
"Version"="2.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
"Version"="2.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\DefaultIcon]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@DACL=(02 0000)
@SACL=
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="c:\\WINDOWS\\system32\\msjava.dll"
"Version"="5,0,3810,0"
"Locale"="IT"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@DACL=(02 0000)
@SACL=
@="Fax"
"ComponentID"="Fax"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\fxsocm.inf,Fax.Install.PerUser"

[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@DACL=(02 0000)
@SACL=
@="Provider fax"
"ComponentID"="Fax Provider"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"Name"="atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication]
@DACL=(02 0000)
@SACL=
"ID"=dword:41107b81
"Name"="iexplore.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\Explorer]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Exchange]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax]
@DACL=(02 0000)
@SACL=
"Retries"=dword:00000003
"Retry Delay"=dword:0000000a
"QueueState"=dword:00000000
"NextJobNumber"=dword:00000003
"Branding"=dword:00000001
"UseDeviceTsid"=dword:00000001
"Inbound Profile"=""
"ServerCoverPageOnly"=dword:00000000
"LastUniqueLineId"=dword:00010001
"CfgWzdrDevice"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Devices]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Logging]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Outbound Routing\Groups]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Outbound Routing\Rules]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Fax\Security]
@DACL=(02 0000)
"Descriptor"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,14,00,00,00,
02,00,48,00,03,00,00,00,00,00,18,00,ff,07,08,00,01,02,00,00,00,00,00,05,20,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aif]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aifc]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aiff]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.au]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m1v]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mid]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpa]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpeg]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpg]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.snd]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wav]
@DACL=(02 0000)
@SACL=
@="clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
"MPlayer2.BAK"="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
"MPlayer2.Set"="yes"

[HKEY_LOCAL_MACHINE\software\Microsoft\RAS AutoDial]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Sysprep]
@DACL=(02 0000)
@SACL=
"SidsGenerated"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\ROOT\Certificates\74CDD21C2F1D104F8940DFFE7E6F035756E2F5D0]
@DACL=(02 0000)
@SACL=
"Blob"=hex:14,00,00,00,01,00,00,00,14,00,00,00,d9,cf,ea,0f,a4,af,d8,0b,23,67,
95,bf,ea,dd,d6,35,5f,e7,75,6e,04,00,00,00,01,00,00,00,10,00,00,00,0c,19,2a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\SystemCertificates\TrustedPublisher]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Paths\ISPSignup.exe]
@DACL=(02 0000)
@SACL=
@="c:\\Programmi\\Easy Internet signup\\ISPSignup.exe"
"Path"="c:\\Programmi\\Easy Internet signup\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Keyboard]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\6]
@DACL=(02 0000)
@SACL=
"Policies"=hex:01,00,00,00,02,00,00,00,04,00,00,00,02,00,00,00,02,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,07,00,02,00,00,00,04,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\6]
@DACL=(02 0000)
@SACL=
"Policies"=hex:01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,a0,
86,01,00,a0,86,01,00,a0,86,01,00,28,32,00,00,02,00,00,00,a0,86,01,00,a0,86,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c]
@DACL=(02 0000)
@SACL=
"VolumeSerialNumber"=dword:88e3b4c9
"IsUnicode"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Extensions]
@DACL=(02 0000)
@SACL=
".ini"="notepad.exe ^.ini"
".txt"="notepad.exe ^.txt"
".wtx"="notepad.exe ^.wtx"
".PDS"="c:\\PSDWIN\\PSDWIN.EXE ^.PDS"
".PDB"="c:\\PSDWIN\\PSDWIN.EXE ^.PDB"
".PDC"="c:\\PSDWIN\\PSDWIN.EXE ^.PDC"
".PDG"="c:\\PSDWIN\\PSDWIN.EXE ^.PDG"
".PDL"="c:\\PSDWIN\\PSDWIN.EXE ^.PDL"
".PDA"="c:\\PSDWIN\\PSDWIN.EXE ^.PDA"
".PCC"="c:\\PSDWIN\\PSDWIN.EXE ^.PCC"
".PCB"="c:\\PSDWIN\\PSDWIN.EXE ^.PCB"
".PCE"="c:\\PSDWIN\\PSDWIN.EXE ^.PCE"
".PCP"="c:\\PSDWIN\\PSDWIN.EXE ^.PCP"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
@Allowed: (Read) (Administrators)
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\OemStartMenuData]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
@DACL=(02 0000)
@SACL=
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\\Setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
@DACL=(02 0000)
@SACL=
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\swflash.inf,DefaultUninstall,5"
"DisplayName"="Adobe Flash Player 9 ActiveX"
"UninstallString"="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe -uninstallDelete"
"RequiresIESysFile"="4.70.0.1155"
"Publisher"="Adobe Systems"
"DisplayVersion"="9"
"VersionMajor"="9"
"VersionMinor"="0"
"HelpLink"="http://www.adobe.com/go/flashplayer_support/"
"URLUpdateInfo"="http://www.adobe.com/go/flashplayer/"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}]
@DACL=(02 0000)
@SACL=
"DisplayIcon"="c:\\Programmi\\PC-Doctor for Windows\\Pcdrw32.exe"
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\Setup.exe\" "
"DisplayName"="PC-Doctor per Windows"
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{39DA87A1-0B26-4562-A70C-2A6147366E47}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{BAD59025-5B73-4E12-B789-0028C5A573C2}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\FILECO~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Programmi\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\Setup.exe\" "
"LogFile"="c:\\Programmi\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\HotFix\KB835221WXP]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001
"Comments"="High Definition Audio Driver - KB835221"
"Backup Dir"=""
"Fix Description"="High Definition Audio Driver - KB835221"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:0000000a
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]
@DACL=(02 0000)
@SACL=
"viagfx"="vticd.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\Fax]
@DACL=(02 0000)
@SACL=
"ChangeID"=dword:0029f824
"Status"=dword:00000180
"Name"="Fax"
"Share Name"=""
"Print Processor"="WinPrint"
"Datatype"="RAW"
"Parameters"=""
"Action"=dword:00000000
"ObjectGUID"=""
"DsKeyUpdate"=dword:00000000
"DsKeyUpdateForeground"=dword:00000000
"Description"=""
"Printer Driver"="Microsoft Shared Fax Driver"
"Default DevMode"=hex:46,00,61,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Priority"=dword:00000001
"Default Priority"=dword:00000000
"StartTime"=dword:00000000
"UntilTime"=dword:00000000
"Separator File"=""
"Location"=""
"Attributes"=dword:00004040
"txTimeout"=dword:0000afc8
"dnsTimeout"=dword:00003a98
"Security"=hex:01,00,04,80,c0,00,00,00,dc,00,00,00,00,00,00,00,14,00,00,00,02,
00,ac,00,06,00,00,00,00,0a,14,00,00,00,02,00,01,01,00,00,00,00,00,03,00,00,\
"SpoolDirectory"=""
"Port"="SHRFAX:"

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1900)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
.
Ora fine scansione: 2010-08-05 15:57:42
ComboFix-quarantined-files.txt 2010-08-05 13:57
ComboFix2.txt 2010-08-04 14:12

Pre-Run: 2.578.587.648 byte disponibili
Post-Run: 2.564.521.984 byte disponibili

- - End Of File - - 4C2F0CBA1FCED0864B57A287C45D5C63

di **Luke57** » 05/08/10 21:56

Ciao, da risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a "visualizza file e cartelle nascosti", premi OK.
Cerca i seguenti file in neretto:
c:\documents and settings\LocalService\Dati applicazioni\bawuho.dat
c:\documents and settings\Compaq_Proprietario\Dati applicazioni\bawuho.dat
se presenti, eliminali e svuota il cestino.

Posta poi nuovo report di hijackthis.

di **alessiomedicina83** » 06/08/10 11:13

Ciao Luke, ho eliminato il secondo dei due files da te indicati, perchè il primo non lo trovo. In altre parole, nella cartella Document and setting non esiste una cartella Local Service. Comunque, ho eliminato il secondo file e svuotato il cestino.

Dopodichè ho effettuato una scansione con Hijackthis, verso la fine della quale mi da un errore (se clicco yes mi apre una pagina internet, se clicco no mi salca direttamente il report) ma salva ugualmente il log, che ti vado a postare:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.11.34, on 06/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interfree.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB003" /M "Stylus C46"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB004" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P33 "EPSON Stylus C46 Series (Copia 1)" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB005" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Anapod Manager.lnk = C:\Programmi\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B5D0AD6-E15A-4A99-8558-A8AE68BFB79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = alice.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = alice.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\FILECO~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 8477 bytes

Grazie Luke per il tempo che mi dedichi, non finirò mai di ringraziarti.

di **Luke57** » 06/08/10 13:21

ciao, non mi pare di8 vedere granchè

Aggiorna malwarebytse, clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.

Poi posta il rapporto di malwarebytes.

di **alessiomedicina83** » 06/08/10 23:19

Ciao Luke, ho aggiornato malawerebytes, ho effettuato una scansione completa, ho eliminato l'unica voce infetta che mi ha individuato e ho riavviato il sistema.

Questo è il log di malawerebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4398

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/08/2010 22.16.35
mbam-log-2010-08-06 (22-16-35).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|)
Elementi esaminati: 276997
Tempo trascorso: 1 ore, 17 minuti, 7 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\System Volume Information\_restore{305ACA42-2A44-4F22-AD40-24628F4309A3}\RP64\A0025195.exe (Malware.Packer) -> Quarantined and deleted successfully.

Può andare?

Grazie infinite ancora, sei veramente un grande. Disponibilissimo e chiaro nei suggerimenti. Grazie davvero.

NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Re: NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE

Topic correlati a "NAVIGAZIONE SI BLOCCA PER ALCUNI SECONDI PER POI RIPARTIRE":

Chi c’è in linea