The PC shuts down

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs can protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

The PC shuts down

Post by xnatmoonx » 21/06/07 19:14

Hi! After having "destroyed" Instant Access thanks to you, a month later here I am again! The PC started shutting down a couple of weeks ago... and I hadn't run a virus scan in a while. TODAY the antivirus detected "win32:Agent-HSD"... THE TROUBLE is that it won't let me move it to the bin... also, during the avast scan the PC shut down again, and later also during the Spybot scan. Is it the trojan that makes the PC shut down? And what should I do? ...thanks
xnatmoonx
Junior User
 
Posts: 29
Joined: 04/05/07 12:06


Post by Mikele46 » 21/06/07 21:11

Try to delete it in safe mode... if you can't, post a HijackThis log
Mikele46
Senior User
 
Posts: 521
Joined: 20/08/06 15:16
Location: Napoli

Post by xnatmoonx » 22/06/07 10:19

Hi, first of all thanks for replying! I'm not able to delete it in safe mode :oops: --- I'll post it anyway:

Logfile of HijackThis v1.99.1
Scan saved at 11.14.01, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [E06IXLRD_27768046] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?895543f649d142fdb92853eb815f5b6a
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?895543f649d142fdb92853eb815f5b6a
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.alice.it
O15 - Trusted Zone: http://*.alicemessenger.alice.it
O15 - Trusted Zone: http://*.messenger-wizard.rossoalice.alice.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/D ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

Post by xnatmoonx » 22/06/07 16:44

I just tried running the scan with Spybot in safe mode, but the PC shuts down halfway through the scan, like before. I'm waiting for your reply

Sorry

Post by xnatmoonx » 25/06/07 08:42

I'm waiting, but have you forgotten about me??? :(

Post by Mikele46 » 25/06/07 10:44

Sorry for the delay, anyway delete these entries with HijackThis... by selecting them and pressing Fix checked...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/D ... ctiveX.cab

Then download Process Explorer from here

http://www.mindsoft.it/MacHotel.html

Find the WATCH.exe process and right-click it, then go to Properties and save the file's paths (that is, Path and Current directory) to a Notepad file, then right-click again and choose Kill Process...
Then reboot and enter safe mode (by pressing F8 at power-on), go to the paths saved in the text file and delete the files...

Let me know if everything is fine afterwards... :) ;)

Post by xnatmoonx » 25/06/07 17:07

...sorry, but I can't find Process Explorer on that site at all, it's about hotels... :undecided:
thanks

Post by Mikele46 » 26/06/07 19:08

Yes, you're right, so sorry.... here is the right link

http://www.pc-facile.com/download/start ... er/181.htm

Post by xnatmoonx » 26/06/07 19:12

Yes, yes... in the end I had found it... I did everything you said... but the PC keeps shutting down every time I browse or use a program... while it doesn't shut down if it's idle... do you have any other hypotheses??? please :-?

P.S. Should I keep Process Explorer or can I delete it... because it smells to me of Microsoft "keeping watch".. :D

Post by Mikele46 » 26/06/07 22:20

If you want to remove it, go ahead.. anyway I'm sorry but I really don't know, wait for someone more expert than me.... ;) ;) like luke57...

Post by Mikele46 » 26/06/07 22:25

P.S. While you wait, always try to close the WATCH.EXE process, that way the PC shouldn't shut down

Post by xnatmoonx » 27/06/07 08:57

Thank you anyway! I did the procedure twice, but I notice that watch.exe is always there.. it disappears when I delete it, but I always find it there again.. could this be why the PC still shuts down? One doubt: when I enter safe mode, I simply delete the saved Notepad file and that's it, right?

help

Post by xnatmoonx » 28/06/07 08:09

So nobody is answering me! luke, I was advised to consult you... will you read me please? :(

Post by Luke57 » 28/06/07 09:52

Hi, go here and download SystemScan (a diagnostic tool):
http://www.suspectfile.com/forum/viewtopic.php?t=466
Put it on the desktop and extract the .exe file. Close the antivirus and other programs, launch it, tick all the options, and press Scan Now. When the scan finishes, a report will be generated in a report.zip folder that you will find in C:\suspectfile.
Upload this folder to a hosting site, such as
http://www.sendmefile.com/
Press Browse, locate the folder, and press Upload. After the file has been uploaded, you will be given the link to view it, which you will copy into a following post so that I can read it.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Here is the report

Post by xnatmoonx » 28/06/07 11:33

A bit long... I hope I did everything the right way.
SystemScan - http://www.suspectfile.com - ver. 3.1.2

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 28/06/2007
Time: 12.00.11

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Running Services
-Duplicates in BAK folders
-Device Driver Services
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log
-Installed Applications

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
Yes | Curatelo
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)

### users folders

06/03/2007 12.27.46 (DIR) 0 byte 114 days old -- All Users
06/03/2007 13.35.53 (DIR) 0 byte 114 days old -- Default User
25/04/2007 18.51.56 (DIR) 0 byte 64 days old -- LocalService
25/04/2007 18.51.56 (DIR) 0 byte 64 days old -- NetworkService
04/05/2007 17.26.55 1562 byte 55 days old -- etyqedye.txt
26/06/2007 20.01.10 (DIR) 0 byte 2 days old -- Curatelo

===================== Recent files (60 days old)=====================

----- recent files in C:\
03/05/2007 11.53.54 (DIR) 0 byte 56 days old -- Config.Msi
05/05/2007 07.45.28 (DIR) 0 byte 54 days old -- Documents and Settings
10/05/2007 12.38.31 268 byte 49 days old -- sqmdata05.sqm
10/05/2007 12.38.31 268 byte 49 days old -- sqmdata04.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt04.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt06.sqm
10/05/2007 12.38.31 244 byte 49 days old -- sqmnoopt05.sqm
11/05/2007 18.18.30 (DIR) 0 byte 48 days old -- Programmi
12/06/2007 16.34.41 512 byte 16 days old -- hpfr3320.xml
22/06/2007 11.14.01 6440 byte 6 days old -- hijackthis.log
22/06/2007 17.41.05 (DIR) 0 byte 6 days old -- System Volume Information
25/06/2007 17.52.08 (DIR) 0 byte 3 days old -- backups
27/06/2007 09.49.17 (DIR) 0 byte 1 days old -- WINDOWS
28/06/2007 08.58.05 402653184 byte 0 days old -- pagefile.sys
28/06/2007 08.58.06 (DIR)267964416 byte 0 days old -- hiberfil.sys
28/06/2007 12.00.11 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
03/05/2007 11.22.09 35186 byte 56 days old -- ModemLog_SoftV92 Data Fax Modem.txt
03/05/2007 11.53.55 (DIR) 0 byte 56 days old -- Installer
03/05/2007 14.15.12 (DIR) 0 byte 56 days old -- PIF
04/05/2007 14.38.51 (DIR) 0 byte 55 days old -- inf
05/05/2007 20.07.36 231 byte 54 days old -- system.ini
05/05/2007 20.13.08 (DIR) 0 byte 54 days old -- Downloaded Program Files
11/05/2007 18.19.05 737280 byte 48 days old -- iun6002.exe
14/05/2007 18.05.53 (DIR) 0 byte 45 days old -- system32
26/06/2007 10.50.16 116 byte 2 days old -- NeroDigital.ini
27/06/2007 09.49.42 122322 byte 1 days old -- ntbtlog.txt
27/06/2007 20.40.12 32476 byte 1 days old -- SchedLgU.Txt
28/06/2007 08.58.07 2048 byte 0 days old -- bootstat.dat
28/06/2007 08.58.28 159 byte 0 days old -- wiadebug.log
28/06/2007 08.58.28 50 byte 0 days old -- wiaservc.log
28/06/2007 08.58.31 0 byte 0 days old -- 0.log
28/06/2007 09.00.07 (DIR) 0 byte 0 days old -- Temp
28/06/2007 09.04.23 406936 byte 0 days old -- WindowsUpdate.log
28/06/2007 11.59.32 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
25/06/2007 17.52.45 (DIR) 0 byte 3 days old -- CONFLICT.1

----- recent files in C:\WINDOWS\system\
02/05/2007 12.21.21 343 byte 57 days old -- cmicnfg.ini

----- recent files in C:\WINDOWS\system32\
30/04/2007 17.35.28 95872 byte 59 days old -- AVASTSS.scr
30/04/2007 17.46.10 745600 byte 59 days old -- aswBoot.exe
01/05/2007 10.18.03 281336 byte 58 days old -- FNTCACHE.DAT
04/05/2007 12.17.38 29152 byte 55 days old -- iklog.log
04/05/2007 14.38.52 (DIR) 0 byte 55 days old -- Kaspersky Lab
05/05/2007 15.53.34 2934 byte 54 days old -- CONFIG.NT
22/05/2007 16.08.37 (DIR) 0 byte 37 days old -- CatRoot2
20/06/2007 10.22.21 2206 byte 8 days old -- wpa.dbl
22/06/2007 17.41.05 (DIR) 0 byte 6 days old -- Restore
27/06/2007 09.46.25 (DIR) 0 byte 1 days old -- drivers

----- recent files in C:\WINDOWS\system32\drivers\
30/04/2007 17.37.23 26888 byte 59 days old -- aavmker4.sys
30/04/2007 17.38.51 43176 byte 59 days old -- aswTdi.sys
30/04/2007 17.39.41 23416 byte 59 days old -- aswRdr.sys
30/04/2007 17.41.42 94552 byte 59 days old -- aswmon2.sys
30/04/2007 17.41.55 85952 byte 59 days old -- aswmon.sys

----- recent files in C:\WINDOWS\temp\
27/06/2007 09.51.05 16384 byte 1 days old -- Perflib_Perfdata_584.dat
28/06/2007 08.58.15 16384 byte 0 days old -- Perflib_Perfdata_564.dat
28/06/2007 11.58.27 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Programmi\
30/04/2007 23.15.14 (DIR) 0 byte 59 days old -- File comuni
30/04/2007 23.36.13 (DIR) 0 byte 59 days old -- Adobe
04/05/2007 11.19.32 (DIR) 0 byte 55 days old -- Spybot - Search & Destroy
05/05/2007 21.52.09 (DIR) 0 byte 54 days old -- Google
11/05/2007 18.19.49 (DIR) 0 byte 48 days old -- C6 Messenger
01/06/2007 10.45.57 (DIR) 0 byte 27 days old -- Mozilla Firefox
26/06/2007 12.46.58 (DIR) 0 byte 2 days old -- eMule

----- recent files in C:\Programmi\File comuni\
30/04/2007 23.15.14 (DIR) 0 byte 59 days old -- Adobe Systems Shared
30/04/2007 23.36.10 (DIR) 0 byte 59 days old -- Adobe

===================== Duplicates in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"E06IXLRD_27768046"="\"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE\" -m"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar1.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Programmi\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000002b4
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="ed66dd4d"
"Pattern"=hex:07,db,94,61,d9,1a,45,6e,a4,6c,f6,58,de,c9,55,f9,65,64,36,36,64,\
64,34,64,00,fd,07,00,5f,76,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,03,08,94,12,a4,0d,66,43,ba,cc,a3,ed

[Lsa\GBG]
@Class="030dd1a4"
"GrafBlumGroup"=hex:7b,fe,58,10,35,68,58,bb,24

[Lsa\JD]
@Class="baa31243"
"Lookup"=hex:db,42,13,3b,af,e4

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="9408cc30"
"SkewMatrix"=hex:a9,1d,40,8a,e8,dc,2e,27,b6,6a,fa,53,ee,29,f3,4a

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:de,2d,99,d7,9a,60,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e6,db,e6,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000945

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\natale\Programmi\eMule\emule.exe"="F:\natale\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe"="C:\Programmi\C6 Messenger\plugin\fsmodule\C6FileSharing.exe:*:Enabled:C6 Scambia File"
"C:\Programmi\C6 Messenger\c6Messenger.exe"="C:\Programmi\C6 Messenger\c6Messenger.exe:*:Enabled:C6 Messenger"
"C:\Programmi\Telecom Italia\Configuratore Alice Messenger\Sunrise.AMConfiguratorWizard.exe"="C:\Programmi\Telecom Italia\Configuratore Alice Messenger\Sunrise.AMConfiguratorWizard.exe:*:Enabled:AliceMessengerConfiguratorWizard"
"C:\Programmi\Messenger\Msmsgs.exe"="C:\Programmi\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Internet Explorer\IEXPLORE.EXE"="C:\Programmi\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Programmi\PPLive\PPLive.exe"="C:\Programmi\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{A35BF6D4-B071-4D7F-99DF-50956C6077B7}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"

[MountPoints2\{a66f323c-cbd2-11db-898b-000b6acca462}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00

[MountPoints2\{c0ce3661-cbd0-11db-b42c-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{e60225c2-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[MountPoints2\{e60225c3-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,00,00,00

[MountPoints2\{e60225c4-cbd3-11db-8985-806d6172696f}]
"BaseClass"="Drive"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 5.1"
"ComponentID"="Messenger"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E3CF6444-E70C-CBAE-465A-309998BF45CE}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {5DDD0E7E-EB05-4DD4-A670-6701B543FE50} REG_BINARY 0F0000000000000000000000000000001E5C8346F90000000000000000000000000000001E5C8346010000000000000000000000000000001E5C83462B0000000000000000000000000000001E5C83462C0000000000000000000000000000001E5C8346060000000000000000000000000000001E5C8346
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {5DDD0E7E-EB05-4DD4-A670-6701B543FE50} REG_BINARY 0F000000000000000000000000000000F0AD8246F9000000000000000000000000000000F0AD824601000000000000000000000000000000F0AD82462B000000000000000000000000000000F0AD82462C000000000000000000000000000000F0AD824606000000000000000000000000000000F0AD8246
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 2373 (0x945)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 2366 (0x93E)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpNameServer REG_SZ 151.99.125.2 151.99.125.3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpIPAddress REG_SZ 87.2.231.198
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NameServer REG_SZ 85.37.17.51 85.38.28.97
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{5DDD0E7E-EB05-4DD4-A670-6701B543FE50} NameServer REG_SZ

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = False
DRIVE_CDROM = True
DRIVE_RAMDISK = True
RESERVED = False

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

No autorun.inf files found.

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

31/08/2001 17.00.00 65 byte 2127 days old -- desktop.ini
28/06/2007 08.58.14 6 byte 0 days old -- SA.DAT
28/06/2007 11.45.00 252 byte 0 days old -- Verifica aggiornamenti per Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 26/06/2007 19.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 26/06/2007 19.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 9.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 9.45.01
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 15.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 15.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 16.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 16.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 17.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 17.45.01
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 18.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 18.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 27/06/2007 19.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 27/06/2007 19.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 9.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 9.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 10.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 10.45.00
Esito: Operazione completata con un codice di uscita (0).
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Avviata 28/06/2007 11.45.00
"Verifica aggiornamenti per Windows Live Toolbar.job" (MSNTBUP.EXE)
Terminata 28/06/2007 11.45.00
Esito: Operazione completata con un codice di uscita (0).

===================== List of running services =====================


000) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> SIZE = 44,544 bytes

001) "aswUpdSv" - avast! iAVS4 Control Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
---> SIZE = 16,512 bytes

002) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

003) "avast! Antivirus" - avast! Antivirus
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
---> SIZE = 132,736 bytes

004) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

005) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> SIZE = 14,336 bytes

006) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

007) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

008) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> SIZE = 14,336 bytes

009) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

010) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes

011) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

012) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

013) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

014) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

015) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

016) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes

017) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
---> SIZE = 322,120 bytes

018) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

019) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

020) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> SIZE = 108,544 bytes

021) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes

022) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes

023) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

024) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> SIZE = 14,336 bytes

025) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> SIZE = 14,336 bytes

026) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> SIZE = 13,312 bytes

027) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

028) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

029) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

030) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

031) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

032) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> SIZE = 57,856 bytes

033) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> SIZE = 14,336 bytes

034) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
xnatmoonx
Junior User

Posts: 29
Joined: 04/05/07 12:06

Post by xnatmoonx » 01/07/07 14:25

I'm waiting for a reply! Sorry to insist.. :neutral:
xnatmoonx
Junior User

Posts: 29
Joined: 04/05/07 12:06

Post by Luke57 » 01/07/07 14:35

xnatmoonx wrote: I'm waiting for a reply! Sorry to insist.. :neutral:

Hi, I had suggested putting the report on the hosting site precisely because it doesn't fit in a post, due to its length....
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Post by xnatmoonx » 01/07/07 15:43

Sorry, my mistake.. so I just had to copy the link for you?:

http://www.sendmefile.com/00550380

:oops:


But what do I have to do now?
xnatmoonx
Junior User

Posts: 29
Joined: 04/05/07 12:06

Post by Luke57 » 01/07/07 16:44

xnatmoonx wrote: Sorry, my mistake.. so I just had to copy the link for you?:

http://www.sendmefile.com/00550380

:oops:


But what do I have to do now?

Hi, the only file attributable to malware that I found is this one:
C:\Windows\iun6002.exe
Open HijackThis, with all applications closed, click "Open the Misc Tools section", then "Delete a file on reboot", and in the window that opens paste:
C:\Windows\iun6002.exe
Press Open and say yes to the reboot request.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Post by xnatmoonx » 01/07/07 18:53

Thanks Luke... I did everything and that june6002.exe was removed.... but alas.. the PC keeps shutting down. I tried using Spybot to be safer and it regularly shuts down halfway through, with avast too.... who knows

:undecided:
xnatmoonx
Junior User

Posts: 29
Joined: 04/05/07 12:06
