I have the same problem. I had followed the instructions given in another topic, but by mistake I deleted the userinit entry. I recreated it before rebooting, so no problem there, but now it is hard for me to identify the infected application.
I made a log with X-Ray; could you point out any suspicious processes?
Thanks a lot:
Logfile of X-RayPc Build 39029 (Installed 1173797541)
Scan saved at 14/03/2007 12.18.33
Registry Settings:
IE Start Page (User) :
http://www.google.it/
IE Start Page (Global) :
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page :
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE Search Page (User) :
http://www.google.com
IE Search Page (Global) :
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE Default Search :
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HOSTS Directory : %SystemRoot%\System32\drivers\etc
C:\WINDOWS\system32\services.exe (108544 e77f6fa2a15390f1727f4c1c55b69da6)
C:\WINDOWS\system32\lsass.exe (13312 0815e8da286775fa432c7c9ee5e10ba1)
C:\WINDOWS\system32\Ati2evxx.exe (364544 6bdb117f5cf40fe91ff50e1bb3f28184)
C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
c:\windows\system32\winlogon.exe (504832 4166454e2bcfcc20d1b8a5ac9feab243)
C:\WINDOWS\system32\cisvc.exe (5632 c4e84243292e37ca3b6faf4a1855b8a7)
C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\system32\Ati2evxx.exe (364544 6bdb117f5cf40fe91ff50e1bb3f28184)
C:\WINDOWS\Explorer.EXE (1034752 178d42bd8fc34a9837417a6ce1d6bb7b)
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (37303 fb25816a1963c6a0c34d5b8226650a93)
C:\Programmi\Messenger\msmsgs.exe (1694208 74e6e96c6f0e2eca4edbb7f7a468f259)
C:\Programmi\MSN Messenger\MsnMsgr.Exe (5674352 f4d7fd84cc8dbfe2256e402ee55df74c)
C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
C:\WINDOWS\system32\wscntfy.exe (13824 a49c11376727f7adc7e206e4c89b24e1)
C:\WINDOWS\system32\cidaemon.exe (8192 c51532501e042bc1948ae3735c04c919)
C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)
C:\Programmi\Internet Explorer\iexplore.exe (93184 c49ed6e4358ffaecfe70fc8f3c67d224)
C:\Documents and Settings\Proprietario\Documenti\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)
Service: Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe (364544 6bdb117f5cf40fe91ff50e1bb3f28184)
Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: CiSvc C:\WINDOWS\system32\cisvc.exe (5632 c4e84243292e37ca3b6faf4a1855b8a7)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Eventlog C:\WINDOWS\system32\services.exe (108544 e77f6fa2a15390f1727f4c1c55b69da6)
Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: HTTPFilter C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Irmon C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Netman C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Nla C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: PlugPlay C:\WINDOWS\system32\services.exe (108544 e77f6fa2a15390f1727f4c1c55b69da6)
Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 0815e8da286775fa432c7c9ee5e10ba1)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 0815e8da286775fa432c7c9ee5e10ba1)
Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 0815e8da286775fa432c7c9ee5e10ba1)
Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: SENS C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)
Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: stisvc C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 73955b04f209d8a1c633867841267a96)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (63128 f17b2b264072b921fc66a0be16626bab)
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} -
O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\googletoolbar3.dll (2423872 f0b634b957e774e90edf0f90d0039303)
O3 - Toolbar: &Google {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\googletoolbar3.dll (2423872 f0b634b957e774e90edf0f90d0039303)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (37303 fb25816a1963c6a0c34d5b8226650a93)
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe (1694208 74e6e96c6f0e2eca4edbb7f7a468f259)
O4 - HKCU\..\Run: [MsnMsgr] C:\Programmi\MSN Messenger\MsnMsgr.Exe (5674352 f4d7fd84cc8dbfe2256e402ee55df74c)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8479744 98def9ae2c9f8fc7fecf9d0de23f2c90)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8479744 98def9ae2c9f8fc7fecf9d0de23f2c90)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (280576 9adae07a13e295a98f5ee7726354c28f)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (122368 6474c3d1c136c60291b8a5ee9ed1735b)
O4 - HKLM\..\Run: [1] C:\WINDOWS\winsys.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll (77824 6c7b4daf6190083d8771e1262fd9ffd2)
O16 - DPF: {17492023-c23a-453e-a040-c7c580bbf700} (Windows Genuine Advantage Validation Tool)-
http://go.microsoft.com/fwlink/?linkid=39204 - C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf (367 df2c9e0eac10a1184db4c73dca6fd1c7)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Plug-in 1.5.0_03)-
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab - C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_03.inf (752 ea690a18fdaff99c075e140de2d8b0c7)
O16 - DPF: {9d190ae6-c81e-4039-8061-978ebad10073} (F-Secure Online Scanner 3.0)-
http://support.f-secure.com/ols/fscax.cab - C:\WINDOWS\Downloaded Program Files\fscax.inf (483 089168c87de3f4f1e922b5aa97dcdbcb)
O16 - DPF: {bdee1959-ab6b-4745-a29b-f492861102cc} (CamRegCleanControl Object)-
http://www.amustsoft.com/onlineregistry ... leaner.cab - C:\WINDOWS\Downloaded Program Files\onlineRegCleaner.inf (841 dbae829be10edf10f6b1c30a5747a417)
O16 - DPF: {cafeefac-0015-0000-0003-abcdeffedcba} (Java Plug-in 1.5.0_03)-
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab - C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll (69746 13fca03ebca6e1f8c6481166c516d1fe)
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object)-
http://download.macromedia.com/pub/shoc ... wflash.cab - C:\WINDOWS\Downloaded Program Files\swflash.inf (5032 b0573f6f5a02e745d4e4183a1ab5757b)
020 - HKLM\..\Notify: [AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll (46080 900fe173c6c92f26053df6e9403ef3f1)
020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (601600 5588d8afd51d060f82315c50d7590323)
020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 f8dd2e38ecc275ae94edc7c0492416ef)
020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (102400 38c69b2bc3182a85f0b323c9d1eb7e26)
020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (93184 72e4cad810a967449caab723e99c74b1)
020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (93184 72e4cad810a967449caab723e99c74b1)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 5ff2551a3d740476f06b20f59cd7f0be)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 72e4cad810a967449caab723e99c74b1)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 72e4cad810a967449caab723e99c74b1)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 72e4cad810a967449caab723e99c74b1)
I also ran a scan with WinPFind:
WinPFind logfile created on: 14/03/2007 12.38.07
WinPFind by OldTimer - v2.0.2 Folder = C:\Documents and Settings\Proprietario\Documenti\winpfind\WinPFind\
»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»
1046688 Kb Total Physical Memory | 867040 Kb Available Physical Memory | 82,84% Memory free
1240528 Kb Paging File | 1184856 Kb Available in Paging File | 95,51% Paging File free
Paging file location: C:\pagefile.sys 288 576
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 47348032 Kb Total Space | 10014976 Kb Free Space | 21,15% Space Free
Drive D: | 47749536 Kb Total Space | 18627360 Kb Free Space | 39,01% Space Free
E: Drive not present or media not loaded
Drive F: | 470744 Kb Total Space | 0 Kb Free Space | 0,00% Space Free
»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»
C:\Documents and Settings\Proprietario\Documenti\winpfind\WinPFind\WinPFind.exe (OldTimer Tools)
»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped]
= C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe ()
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped]
= C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe ()
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
(avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped]
= C:\Programmi\Alwil Software\Avast4\ashServ.exe ()
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped]
= C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped]
= C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(Dhuhi60nwahi) Dhuhi60nwahi [Win32_Own | Disabled | Stopped]
= (File not found)
(dmadmin) Servizio amministrativo di Gestione disco logico [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(MsaSvc) Microsoft authenticate service [Win32_Own | Disabled | Stopped]
= C:\WINDOWS\system32\msasvc.exe (File not found)
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Disabled | Stopped]
= C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (File not found)
»»»»»»»»»»»»»»»»»»»» Driver Services (Non-Microsoft) »»»»»»»»»»
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Stopped]
= C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped]
= (File not found)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Stopped]
= system32\DRIVERS\AegisP.sys (File not found)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
(AliIde) AliIde [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
(amdagp) Driver filtro bus AMD AGP [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\AMDAGP.SYS (Advanced Micro Devices, Inc.)
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
(asc) asc [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Stopped]
= C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped]
= C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
(Atdisk) Atdisk [Kernel | Disabled | Stopped]
= (File not found)
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(BCM43XX) Driver per l’adattatore di rete Broadcom 802.11 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
(Changer) Changer [Kernel | System | Stopped]
= (File not found)
(CmdIde) CmdIde [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
(dmio) dmio [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
(dmload) dmload [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
(FETNDIS) Driver NT scheda Fast Ethernet VIA PCI 10/100Mb [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )
(Hotkey) Hotkey [Kernel | System | Stopped]
= C:\WINDOWS\System32\drivers\HOTKEY.sys ()
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
(lbrtfdc) lbrtfdc [Kernel | System | Stopped]
= (File not found)
(mailKmd) mailKmd [Kernel | System | Stopped]
= (File not found)
(mdmxsdk) mdmxsdk [Kernel | Auto | Stopped]
= C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
(mraid35x) mraid35x [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
(NSCIRDA) Driver periferica infrarossi NSC [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
(P0630VID) Creative WebCam Live! [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\P0630Vid.sys (Creative Technology Ltd.)
(PCIDump) PCIDump [Kernel | System | Stopped]
= (File not found)
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped]
= (File not found)
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped]
= (File not found)
(PDRELI) PDRELI [Kernel | On_Demand | Stopped]
= (File not found)
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped]
= (File not found)
(POWERKEY) POWERKEY [Kernel | On_Demand | Stopped]
= C:\Program Files\Launch Manager\POWERKEY.sys (File not found)
(Ptilink) Driver Direct Parallel Link [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\PxHelp20.sys (Sonic Solutions)
(ql1080) ql1080 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
(ql12160) ql12160 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
(ql1280) ql1280 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
(rtl8139) Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Simbad) Simbad [Kernel | Disabled | Stopped]
= (File not found)
(sisagp) Filtro bus SIS AGP [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\SISAGP.SYS (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
(sptd) sptd [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\sptd.sys ()
(symc810) symc810 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
(sym_hi) sym_hi [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
(sym_u3) sym_u3 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
(tifm21) tifm21 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
(tmcomm) tmcomm [Kernel | Auto | Stopped]
= C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
(UBHelper) UBHelper [Kernel | System | Running]
= C:\WINDOWS\System32\drivers\UBHelper.sys ()
(ultra) ultra [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
(Wbutton) Wbutton [Kernel | System | Stopped]
= C:\WINDOWS\system32\drivers\Wbutton.sys (File not found)
(WDICA) WDICA [Kernel | On_Demand | Stopped]
= (File not found)
(winachsf) winachsf [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»
>>>>> Run Keys and Auto-Start Folders <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! = C:\Programmi\Alwil Software\Avast4\ashDisp.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*
< Common Startup Folder = C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
= C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini ()
< User Startup Folder = C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica >
C:\Documents and Settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini ()
>>>>> MsConfig Disabled Items <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
wltrysvc = 2
cmdService = 2
MsaSvc = 2
Atimlaxnq = 3
avast! Web Scanner = 3
avast! Mail Scanner = 3
avast! Antivirus = 2
aswUpdSv = 2
Adobe LM Service = 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path = C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk ()
backup = C:\WINDOWS\pss\Adobe Gamma Loader.lnk (File not found)
location = Common Startup
command = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
item = C:\Documents and Settings\Proprietario\Desktop\adobe (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path = C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk (File not found)
backup = C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnk (File not found)
location = Common Startup
command = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
item = Avvio veloce di Adobe Reader
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\!AVG Anti-Spyware]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = avgas
hkey = HKLM
command = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKCU
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeluxeCommunications]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Dxc
hkey = HKLM
command = C:\Programmi\DeluxeCommunications\Dxc.exe (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark_X79-55]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\lsasss.exe ()
hkey = HKLM
command = C:\WINDOWS\system32\lsasss.exe ()
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msmsgs
hkey = HKCU
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msnmsgr
hkey = HKCU
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
hkey = HKLM
command = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = NEWDOT~2
hkey = HKLM
command = C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
command = C:\Programmi\QuickTime\qttask.exe (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
hkey = HKLM
command = C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = jusched
hkey = HKLM
command = C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = GoogleToolbarNotifier
hkey = HKCU
command = C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = evntsvc
hkey = HKLM
command = C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe (File not found)
inimapping = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 2
startup = 2
>>>>> Disabled Startup Folder Items <<<<<
>>>>> File Associations <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found
>>>>> Registry Shell Spawning <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -> "%1" %* (File not found)
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -> "%1" %* (File not found)
htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -> Reg Data - Key not found
htmlfile [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -> "%1" %* (File not found)
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)
txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)
>>>>> ActiveX StubPath settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
>>>>> WOW Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
>>>>> Session Manager Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =
>>>>> SafeBoot Option Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
>>>>> Items Started Through Miscellaneous Registry Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
(File not found)
>>>>> Security Providers <<<<<
>>>>> Winlogon Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
DllName = C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
>>>>> Policy Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
1 = C:\WINDOWS\winsys.exe (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0
>>>>> Desktop Components <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName =
Source = C:\Programmi\Messenger\qufyb.html
SubscribedURL =
FriendlyName =
Source = C:\Programmi\Windows NT\nicoxin.html
SubscribedURL =
FriendlyName = Pagina iniziale corrente
Source = About:Home
SubscribedURL = About:Home
FriendlyName =
Source = http://www.forumcommunity.net/?c=2414
SubscribedURL = http://www.forumcommunity.net/?c=2414
>>>>> HOSTS File <<<<<
HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 768 bytes | Modified Date: 19/08/2004 20.00.00)
127.0.0.1 localhost
>>>>> Internet Explorer Settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL = http://www.google.com/ie
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.google.it/
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0
>>>>> Browser Helper Objects <<<<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = c:\programmi\Google\googletoolbar3.dll (Google Inc.) )
>>>>> Bars, Toolbars and Extensions <<<<<
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\programmi\Google\googletoolbar3.dll (Google Inc.) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\programmi\Google\googletoolbar3.dll (Google Inc.) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8193 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8194
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - Java Plug-in 1.5.0_03 ( HKLM C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll (Sun Microsystems, Inc.) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.pdf]
Location = C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
>>>>> Approved Shell Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barra delle applicazioni e menu di avvio ( HKLM = Reg Data - Key not found (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Estensione panoramica video del Pannello di controllo ( HKLM = deskpan.dll (File not found) )
{472083B0-C522-11CF-8763-00608CC02F24} = avast ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Estensioni shell per la compressione dei file ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = Account utente ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu di scelta rapida di crittografia ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )
>>>>> Context Menu Handlers / Column Handlers <<<<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\avast]
@ = {472083B0-C522-11CF-8763-00608CC02F24} ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Programmi\MagicISO\misosh.dll (MagicISO, Inc.) )
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Programmi\MagicISO\misosh.dll (MagicISO, Inc.) )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\avast]
@ = {472083B0-C522-11CF-8763-00608CC02F24} ( HKLM = C:\Programmi\Alwil Software\Avast4\ashShell.dll (ALWIL Software) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\MagicISO]
@ = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} ( HKLM = C:\Programmi\MagicISO\misosh.dll (MagicISO, Inc.) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Programmi\WinRAR\RarExt.dll () )
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )
>>>>> User Agent Post Platform <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
>>>>> TCP/IP Configuration <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{244CE1E3-10DE-40B1-B65E-283C8F1D9D00}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51603F0B-8EBE-4050-BF26-B8A78FBB4667}]
DefaultGateway =
Domain =
EnableDHCP = 0
IPAddress = 192.168.1.1;
NameServer =
SubnetMask = 255.255.255.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5630C818-3A5E-4FE4-AD0D-F9D7F451EAC7}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 0
IPAddress = 192.168.1.3;
NameServer =
SubnetMask = 255.255.255.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FB533D5-DDE6-4753-8F7D-3296B108FB9F}]
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.92
DhcpNameServer = 192.168.0.1
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C744D1E5-17CE-4948-8F56-15BD98FA82F8}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;
>>>>> WinSock2 Parameters <<<<<
>>>>> Protocol Handlers <<<<<
>>>>> Protocol Filters <<<<<
>>>>> Downloaded Program Files <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
INF = C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_03.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D190AE6-C81E-4039-8061-978EBAD10073}\DownloadInformation]
CODEBASE = http://support.f-secure.com/ols/fscax.cab
INF = C:\WINDOWS\Downloaded Program Files\fscax.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BDEE1959-AB6B-4745-A29B-F492861102CC}\DownloadInformation]
CODEBASE = http://www.amustsoft.com/onlineregistry ... leaner.cab
INF = C:\WINDOWS\Downloaded Program Files\onlineRegCleaner.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
INF =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf
»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»
C:\Documents and Settings\Proprietario\Documenti\Avast 4.6 Pro ITA + keygen + skins by Peppez.rar [Ver = | Size = 18013223 bytes | Created Date = 20/02/2007 2.21.53 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\Avast! Skins.zip [Ver = | Size = 8782838 bytes | Created Date = 21/02/2007 13.27.52 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\Avast!PRO.ITA.v4.6.exe [Ver = | Size = 9244888 bytes | Created Date = 21/02/2007 13.27.53 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\wide_screen.aswcs [Ver = | Size = 342648 bytes | Created Date = 21/02/2007 22.37.57 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\RejZor-Sharp by SZCraftec.asws [Ver = | Size = 2124923 bytes | Created Date = 21/02/2007 22.38.08 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\DSCN3015.jpg [Ver = | Size = 300866 bytes | Created Date = 10/03/2007 18.06.36 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\x-raypc.exe [Ver = 1.0.0.30 | Size = 348928 bytes | Created Date = 13/03/2007 14.52.13 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\auto.nr3 [Ver = | Size = 16649 bytes | Created Date = 12/03/2007 16.21.59 | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 11/03/2007 19.04.00 | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 11/03/2007 19.04.01 | Attr = ]
C:\WINDOWS\System32\muzika.xm [Ver = | Size = 37473 bytes | Created Date = 20/02/2007 2.30.42 | Attr = ]
C:\WINDOWS\System32\lsasss.exe [Ver = | Size = 37303 bytes | Created Date = 21/02/2007 0.42.42 | Attr = ]
C:\WINDOWS\System32\AVASTSS.scr ALWIL Software [Ver = 4, 7, 936, 0 | Size = 90112 bytes | Created Date = 21/02/2007 13.28.17 | Attr = ]
C:\WINDOWS\System32\aswBoot.exe [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Created Date = 21/02/2007 13.28.17 | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49248 bytes | Created Date = 13/03/2007 15.05.32 | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49250 bytes | Created Date = 13/03/2007 15.05.32 | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 127078 bytes | Created Date = 13/03/2007 15.05.32 | Attr = ]
C:\WINDOWS\System32\drivers\aavmker4.sys ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Created Date = 21/02/2007 13.28.22 | Attr = ]
C:\WINDOWS\System32\drivers\aswmon.sys ALWIL Software [Ver = 4.7.892.0 | Size = 85952 bytes | Created Date = 21/02/2007 13.28.22 | Attr = ]
C:\WINDOWS\System32\drivers\aswmon2.sys ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Created Date = 21/02/2007 13.28.22 | Attr = ]
C:\WINDOWS\System32\drivers\aswRdr.sys ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Created Date = 21/02/2007 13.28.24 | Attr = ]
C:\WINDOWS\System32\drivers\aswTdi.sys ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Created Date = 13/03/2007 12.10.50 | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 13/03/2007 15.57.34 | Attr = ]
»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»
C:\BOOT.INI [Ver = | Size = 194 bytes | Modified Date = 14/03/2007 12.29.40 | Attr = HS]
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT [Ver = | Size = 91136 bytes | Modified Date = 27/02/2007 2.04.30 | Attr = ]
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 23552 bytes | Modified Date = 07/03/2007 15.09.40 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\Memento.notes [Ver = | Size = 8805 bytes | Modified Date = 19/02/2007 21.11.48 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\Avast 4.6 Pro ITA + keygen + skins by Peppez.rar [Ver = | Size = 18013223 bytes | Modified Date = 20/02/2007 2.29.02 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\DSCN3015.jpg [Ver = | Size = 300866 bytes | Modified Date = 10/03/2007 18.06.44 | Attr = ]
C:\Documents and Settings\Proprietario\Documenti\auto.nr3 [Ver = | Size = 16649 bytes | Modified Date = 14/03/2007 11.36.06 | Attr = ]
C:\Documents and Settings\Proprietario\Desktop\Thumbs.db [Ver = | Size = 45568 bytes | Modified Date = 22/02/2007 18.22.44 | Attr = HS]
C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 14/03/2007 12.29.40 | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 0 bytes | Modified Date = 14/03/2007 12.29.40 | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 14/03/2007 12.34.34 | Attr = S]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 11/03/2007 19.04.02 | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 11/03/2007 19.04.02 | Attr = ]
C:\WINDOWS\NeroDigital.ini [Ver = | Size = 116 bytes | Modified Date = 07/03/2007 20.31.50 | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 478 bytes | Modified Date = 21/02/2007 13.39.42 | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1158 bytes | Modified Date = 19/02/2007 17.39.18 | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 309992 bytes | Modified Date = 27/02/2007 2.03.08 | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2934 bytes | Modified Date = 13/03/2007 12.10.50 | Attr = ]
C:\WINDOWS\System32\muzika.xm [Ver = | Size = 37473 bytes | Modified Date = 21/02/2007 22.36.08 | Attr = ]
C:\WINDOWS\System32\lsasss.exe [Ver = | Size = 37303 bytes | Modified Date = 13/03/2007 14.58.10 | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 13/03/2007 15.17.44 | Attr = ]
»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[Thawte Consulting , WSUD , ]C:\Documents and Settings\Proprietario\Documenti\v152PATCHREL.exe (Macrovision Corporation)
[PEC2 , Thawte Consulting , ]C:\Documents and Settings\Proprietario\Documenti\sp31212.exe (Hewlett-Packard Company )
[UPX! , UPX0 , ]C:\Documents and Settings\Proprietario\Documenti\Avast!PRO.ITA.v4.6.exe ()
[Thawte Consulting , ]C:\Documents and Settings\Proprietario\Documenti\x-raypc.exe ()
[aspack , ]C:\WINDOWS\Acer.scr ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\npkcsvc.exe (INCA Internet Co., Ltd.)
[ad-beh , qoologic , UPX! , ]C:\WINDOWS\System32\npscan.dll (INCA Internet Co., Ltd. )
[UPX! , UPX0 , ]C:\WINDOWS\System32\MACDec.dll (Matthew T. Ashland)
[Thawte Consulting , ]C:\WINDOWS\System32\XceedSco.dll (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com)
[Thawte Consulting , ]C:\WINDOWS\System32\XceedCry.dll (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com)
[FSG! , ]C:\WINDOWS\System32\svcalflk.exe ()
[WSUD , ]C:\WINDOWS\System32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\lsasss.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\MonkeySource.ax ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\aswBoot.exe ()
< End of report >